Rik... I swear I'm trying to not keep running into glitches only with revisioning... lol hopefully this is a quick one.

First off kudos on the "grants monitor" module as it has really helped a few of our users see what content types they can work with.

There was however a small issue with this. When you use "grants monitor" and view the "I can edit tab", users that have roles that allow for publishing revisions, see a message listing every content type stating that they can publish revisions on content types they may not necessarily have access to create or edit...

I honestly do not know if this would be the grants monitor not reading the permissions properly or the fact revisioning is not actually granting revision publishing per content type... (this makes sense considering the permissions only allow for viewing revisions of own/any content types).

For now I just disabled the "View Revision Status Messages" permission for these users to hide this.

Is this the designed behavior or is this a glitch?

Comments

RdeBoer’s picture

Thanks for the kudos, pumpkinkid!

... users that have roles that allow for publishing revisions, see a message listing every content type stating that they can publish revisions on content types they may not necessarily have access to create or edit...

Yes the publish and unpublish operations only require the following:
o the user has the "publish revisions" ("unpublish current revision") permission
o the user has "view" permission
o the checkbox "New revision in draft, pending moderation" is ticked for the content type in question

In order to publish users don't need "edit" permission, only "view" permission. This may be a moot point... Some may argue that a change of the publication status consititues an "edit", however in the current version of Revisioning "edit" permissions are not a prerequisite for publish/unpublish.

pumpkinkid’s picture

Ahh... I think I misunderstood one of the permissions... Does "view revisions" bypass the "view revisions of any [Content_type]" and "view revisions of own [Content_Type]" permissions added to revisioning recently?

I had this enabled and I guess that's why my users were seeing more content types than those available to them... would that make sense?

[Edit] NVM... I still have them see too many content types... [/Edit]

Is there a way to layer the permissions in a way that would allow users to only see "You have permission to publish revisions of type(s): (Only content types user can see revisions of)"?

RdeBoer’s picture

Assigned: Unassigned » RdeBoer
Category: support » bug

Does "view revisions" bypass the "view revisions of any [Content_type]" and "view revisions of own [Content_Type]" permissions

Yes, "view revisions" applies across all content types and takes precedence over the more fine-grained view permissions introduced by Revisioning. So for those to be effective, you have to switch-off "view revisions".

Having inspected the code, I can see you are right, in displaying the message there's no check for the view permission.

Will add this. Thanks pk.

pumpkinkid’s picture

Assigned: RdeBoer » Unassigned
Category: bug » support

Well hey! Nice to know I did find something after all... With my track record being it was other unrelated nodes that caused the problem :-)

Thanks again Rik

pumpkinkid’s picture

Category: support » bug

Damn... sorry about that... I don't know how I changed the status back...

RdeBoer’s picture

I have fixed this and checked this into the CVS repository.
It's part of a whole refactoring I am undertaking to make Module Grants and Revisioning easier to maintain and to allow other modules to hook in. It ***should*** work, but not having tested it properly yet, I am reluctant to create a new release for it right now.
But if you are game and feel comfortable checking out the HEAD of both modules from CVS, then by all means please give it a spin in your test environment... You can always switch back...

pumpkinkid’s picture

I attempted using the CVS... First off I had a bit of trouble due to the fact that I was getting "access denied" on the "accessible content" page. Looking at the modules list I found your two new additions to module grants and had to uncheck the module grants monitor to enable the two new modules. After doing so I was able to navigate to the Accessible Content page.

At first glance I did not see the issue occur. However, I realized that the reason behind that was because the page that used to show the message was the "accessible-content/i-created/pending" page. Did you get rid of that button? I only saw Published, Unpublished and All, no "In/Draft Pending Publication".

Anyways, I had to roll back the cvs as my site started showing a blank page only where content was actually being seen... ie. when viewing a node or the front page.

Any Ideas?

RdeBoer’s picture

Sorry you had to roll back... as I mentioned, it isn't tested properly yet (thanks for doing the first cut!). Bit worried about the blank screen, as that's a rather obvious one.... I wonder why I'm not getting it....

I guess you'll have to hang out for that bug fix a bit longer....

The permission for the "In Draft/Pending publication" tab lives under the revisioning section of the user permissions page. This is because Module Grants Monitor may be used without Revisioning (i.e. with just Module Grants), in which case that permission does not apply and should not be seen by the user.

pumpkinkid’s picture

No problem, glad to help.

As for the blank screen... of course I have to be the one to find it... lol It would just make me feel a lot better if other people had the same problems too...

So I guess there is something deeper than just the white pages... Could you possibly have had some dependencies on your cvs copy for Revisioning?

Now that I know that there is a problem, I can do a more thorough check once I re-instate my test server... I took the chance and used the cvs on my live site... took 5 minutes before someone came in asking if the site was down... lol

Anyways. Let me know if you can come up with any tests you'd like for me to run. As for the bugfix, was it major? is it something I can simply patch? I mean, I can wait, but in the meantime users don't see when there is a newer revision as I have disabled the Revisioning messages.

RdeBoer’s picture

Status: Active » Fixed

Fixed in 6.x-3.5.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.