Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In diff_menu_alter() the access callback is changed for the 'view' revision links. This becomes a problem when diff is disabled on a content type.
The diff callback does check 'administer nodes', but that's not enough, normal users should also be able to use this when they have this permission, diff enabled or not. And that still does not solve the problem, because the rendering of the view revision links and the 'view revision' button are both using the same function.
Install Drupal core, diff, workbench, workbench moderation to really enjoy this problem.
Comment | File | Size | Author |
---|---|---|---|
#7 | diff-2124343-7-allow-access-to-revisions-without-diff.patch | 2.9 KB | Alan D. |
Comments
Comment #1
Rob C CreditAttribution: Rob C commentedAnd the root of the problem is in hook_menu(). Where the access callback is changed, so valid users do not have permission when the option is disabled. The patch does not solve this, it's a bigger problem.
Comment #2
Rob C CreditAttribution: Rob C commentedComment #3
Rob C CreditAttribution: Rob C commentedComment #4
Matroschker CreditAttribution: Matroschker commentedMaybe I have the same problem..
Drupal 7.27, Revisioning Dev-version, Diff 7.x-3.2+20-dev
We check this with a user which has the Administrator role (with all permissions).
I have a node which is published, content is --> ABC.
I create a pending version, now the content is --> ABCDEF
In the tab "Revision operations" (from revisioning module) I can see one published revision and on pending revision, for both I can click on the creation date to view the different revisions. But if I click on the pending revision I always see the content --> ABC, but this isn't correct.
If I disable the DIFF module the link to the pending version shows me the content --> ABCDEF.
Is this the issue which is described here in this bug?
Thanks.
Matroschker
Comment #5
Rob C CreditAttribution: Rob C commentedSounds very similar indeed.
Comment #6
JvE CreditAttribution: JvE commentedI think the 'Enable the Revisions page for this content type' does exactly what it says.
It disables access to revision information for deselected content types.
This was introduced by popular demand way back in #413308: Display revisions by content type.
I do agree that disallowing access to revision information does not belong in the diff module.
I believe this was included because the thought was that diff would move into core soon.
Changing this functionality now would mean that on all sites that depend on this "feature" the revision information becomes available again for content types where it should not be.
Comment #7
Alan D. CreditAttribution: Alan D. commentedNote, this could get complicated with a few modules interacting with this menu item... And #4 sounds like an issue in the other module.
Would a simple configuration option help here? You can turn off diff and use core instead.
Note if you run this patch on an old version, you will skip update diff_update_7307() that grants access to the View changes button. So you will need to manually set those permissions.