Closed (fixed)
Project:
Taxonomy Access Control
Version:
6.x-1.2
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
6 Jul 2010 at 03:02 UTC
Updated:
26 Jul 2010 at 14:00 UTC
to repeat what I seen:
1. create two users: user A and user B with same role.
2. give 'create' and 'edit' permission of a term to the role.
3. login as user A, create a node which status=0.
4. login as user B, user B can not edit the node created by user A.
Comments
Comment #1
keve commentedonly users with 'administer nodes' permission has right to access nodes with status=0.
(all rights granted by access type modules (eg. OG, TAC) are IGNORED if status=0)
Comment #2
timoratd commentedThanks, It is great to know.
I created 'user C' without 'administer nodes' permission, but with 'edit any story content', the user is able to edit the node with status=0, but with 'edit any story content', the user is able to edit nodes from any terms.
Let me explain why this is important to us:
we have a process to publish an article: add->edit->approve->publish
the node should not be 'status=1' before the last step.
Comment #3
xjmRe #2, this is the way core permissions behave (outside TAC's control). You might want to take a look at the workflow module:
http://drupal.org/project/workflow
It allows you to add workflow states so that (e.g.) users can create and edit content in a "review" state before it is fully published.
Comment #4
whiklojI have just come across this issue and I am wondering how Workflows can solve it.
I currently have a workflow setup so my authors can "Save as draft" (unpublished) or "Publish" (published).
Now I see that "Save as draft" needs to be "Save (hidden)" because no one else can edit that author's nodes if they are unpublished.
But that means I will have to publish all my nodes, so I am relying on my views (etc) to restrict by workflow?
I think I am missing something...
edit
I was missing the Workflow filter, so I think I understand now. Except won't these nodes be viewable by anyone? Are we just assuming they won't get to them if they are not in a specific list? Or can I restrict a certain role (say anonymous) from accessing any content in a "Hidden" state?
Comment #5
xjmI am fairly certain you can use workflow to restrict access to nodes in certain states. There used to be a separate module called workflow access, but I think this has been merged into the main module.