content_lock.png

This module was, until recently, unsupported due to a security issue the previous maintainers didn’t fix. See SA-CONTRIB-2014-024 - Content Lock - CSRF for details.

Please ensure you use a newer, secure release (7.x-2.0 or later).

Features

  • Block concurrent editing: When a user is editing a node, any other user that attempts to edit the same node will be blocked from doing so, and notified that the content is already being edited.
  • By node type: This module can be configured to only lock certain content types against concurrent editing.
  • By format: This module can be configured to only lock specific input formats against concurrent editing.
  • Avoid losing content by accident: If a user is editing content and attempts to leave the edit form without first saving it (e.g., closing the browser window/tab, clicking on a link, etc.), they will be notified. If the user confirms that they want to leave without saving the node, the edit lock gets automatically removed by an ajax call. This behaviour can be disabled on the modules settings page.
  • Avoid forgotten locks: Users are notified if they forget to unlock a node. They will be prompted to click on a link to unlock the node.
  • Views integration: All open locks can be listed using Views.

Compatibility / Dependencies

Server Dependencies

- none

Client Browser Dependencies

- none

Installation

  1. Just download and activate the module as normal.
  2. Configure the user permissions:
    1. check out documents - This enables content locking when a user starts editing a node. Note that even without this permission, users are still able to edit contents, they're just not protected against concurrent edits.
    2. administer checked out documents - View and release locked contents of all users. This enables the administrative tab on Content management >> Content. Note that even without this permission, users can manage their own content locks on their profile page.

Goals

Safe content editing

The main goal is to be 100% safe. That means that under no circumstances should a user be able to edit a node that another user is already editing. It was a design decision to prefer a somewhat heavy-handed approach rather than risk removing a lock too early. For example, a user can only remove their lock using the save or the cancel buttons, as opposed to simply closing their browser window.

API

API documentation can be found at: content_lock.api.inc.

Maintainers

Current maintainer:

Previous maintainers include:

Sponsors

Poetic Systems

This module was (once) sponsored by KontextWork GbR for Drupal Wiki.

Supporting organizations: 
Security maintenance

Project Information

Downloads