This great module helps a lot in the context of a website of mine - thanks!

However, we were surprised to discover that a node is saved unpublished although the default setting for its content type is set to Published. This happens for a user with a role that does not have the "Publish editable content" permission.

I think that this behavior is wrong, as it couples two different conditions:

  1. The user can publish a node actively by using the button supplied with this module;
  2. The node should always be created as published.

The coupling was added in function publishcontent_form_node_form_alter after the issue #1972140: Content permissions should be verified during node presave. I did not want to reopen the issue there both because it is old and also because I understand that in some contexts that behavior may be required.

But the coupling per se is wrong. Here is the case of the website: a user without "Publish editable content" permission nor "Unpublish editable content" permission creates a node. It should always be created as published. Another user (one with an "editor" role) has the said permission so she can unpublish a node if she thinks that it has wrong data. She then makes her check and may republish the node. That is, we use the module exactly as it is declared to be used, quoting from the module page: "This module enables granular publish and unpublish permissions which allows you to grant roles on your site the ability to publish or unpublish specific content types without having to give them the administer content permissions."

I would argue that this is a bug, but as it is out there for three years now and people may even use this coupling for the logic of their site, this cannot be simply removed. Hence, I categorize it as a feature request. As for how it should be implemented - I am not sure how the maintainer would like to address this issue, but I am willing to help once I get positive feedback (from maintainer and/or community).

A workaround that we made is (COUGHING) to hack the code in the main file of the module where the code was added, that is, in function publishcontent_form_node_form_alter - to totally disable the whole if block:

  // if (!publishcontent_publish_access($node)) {
  //   if (!isset($node->nid)) {
  //     // Ensure users without permission to publish can't do so because of the
  //     // default setting in the content type. This setting controls the actual
  //     // value in $form_state.
  //     $form['options']['status']['#default_value'] = 0;
  //     // These won't affect $form_state but also need to be updated.
  //     $form['#node']->status = 0;
  //     $node->status = 0;
  //   }
  //   if (empty($node->status)) {
  //     // Publish content is unavailable for user without publish access.
  //     return;
  //   }
  // }

Note: everything that I said about decoupling the publish permission from creating a published node is true also for the unpublish situation. That is, there should be decoupling of the unpublish permission from creating an unpublished node. For the sake of simplicity I wrote only about our case.

Thanks.
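An added example, not part of the original post and not publishcontent's own code: a plain-PHP model of the new-node branch quoted above, showing how the forced-unpublished behaviour could sit behind an opt-in flag instead of being disabled by commenting the block out. The `$enforce_on_create` flag and the `example_` function name are hypothetical; the form and node are constructed stand-ins so the script runs without Drupal.

```php
<?php
// Added illustration. Models only the "new node" branch of
// publishcontent_form_node_form_alter(); the publish button itself would
// still be gated by publishcontent_publish_access().

/**
 * @param array  $form              Stand-in for the node form array.
 * @param object $node              Stand-in node; ->nid is unset when new.
 * @param bool   $can_publish       What publishcontent_publish_access($node) returned.
 * @param bool   $enforce_on_create Hypothetical per-content-type setting.
 *   TRUE (default) keeps the behaviour added after #1972140, so nobody is
 *   silently granted published-on-create. FALSE lets the content type
 *   default stand for users without the publish permission.
 */
function example_apply_initial_status(array &$form, $node, $can_publish, $enforce_on_create = TRUE) {
  if ($can_publish || isset($node->nid) || !$enforce_on_create) {
    // Existing node, privileged user, or enforcement switched off:
    // leave the content type default untouched.
    return;
  }
  // Same three assignments as the block quoted in the post.
  $form['options']['status']['#default_value'] = 0;
  $form['#node']->status = 0;
  $node->status = 0;
}

// Constructed cases: content type default is "Published" (status 1).
$cases = array(
  'no permission, enforcement on'  => array(FALSE, TRUE),
  'no permission, enforcement off' => array(FALSE, FALSE),
  'has permission'                 => array(TRUE, TRUE),
);
foreach ($cases as $label => $case) {
  list($can_publish, $enforce) = $case;
  $node = new stdClass();   // New node: no nid yet.
  $node->status = 1;        // Content type default.
  $form = array(
    '#node' => $node,
    'options' => array('status' => array('#default_value' => 1)),
  );
  example_apply_initial_status($form, $node, $can_publish, $enforce);
  printf("%-32s => status %d\n", $label, $form['options']['status']['#default_value']);
}
```

Defaulting the flag to TRUE means sites that rely on the current coupling see no change unless an administrator opts out for a given content type.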

Comments

Amir Simantov created an issue. See original summary.
