This project is not covered by Drupal’s security advisory policy.

This module is unsupported due to a security issue the maintainer didn’t fix. See SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass for details.

If you want to use this module, your options are:

This module disables the various core paramemters on node add/edit pages.

It started out as a way of removing the "publishing options" from the node admin screen for clients who want to have an editor role who can create and edit content but not publish them and didn't want or need some complicated workflow. So I set the default state for new nodes as "unpublished" and disable the "publishing controls" for all but select roles.

I've also used this module to disable fields in the interest of simplicity. I think casual users are overwhelmed by the admin interface and typically use only a small percentage of it. So if they don't need something, I prefer to remove it.

This module is by no means meant as an alternative to Access Control. You should first try to accomplish your needs there and only resort to this module for special cases.

In the interest of thoroughness, I've made this module capable of disabling all the core node parameters except the title. Admittedly, I can't think of a circumstance where someone would want to remove some of these parameters, but I've always found that the moment you assume you're never going to need something, a need arises.

Most of what this module does can be accomplished in Drupal 7 core or the Field API, so there's no intention of developing this module any further.

Project information