As advancement of #513078: Flexible revision permissions., this patch implements even more fine-grained permissions: "view revisions of own content" is removed, and for any content type there are 2 additional permissions: "view revisions of any $contenttype" and "view revisions of own $contentype". This allows, for example, to let your authors see article revisions they work on, but hide revisions of forum posts, which you may store internally to keep audit history and for purposes of moderation. Also this allows to have local moderators, for example article editors which will have only "view revisions of any article content" permission, but not "view revisions" one.

CommentFileSizeAuthor
#4 rev-granular.patch2.08 KBcrea
#3 more-granular-perms-updated.patch2.13 KBcrea
more-granular-perms.patch1.96 KBcrea
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

crea’s picture

crea CreditAttribution: crea commented

Also there may be additional changes required in Module Grants but I let Rik decide (cause I'm not expert of Module Grants internals)

crea’s picture

crea CreditAttribution: crea commented
Title: More granular "view revisions" permissions. » Even more granular "view revisions" permissions.
crea’s picture

crea CreditAttribution: crea commented
FileSize
more-granular-perms-updated.patch2.13 KB

I updated patch with same access check as in #549588: "View revision of own content" should also check node access
It is against dev version without #549588: "View revision of own content" should also check node access applied.

crea’s picture

crea CreditAttribution: crea commented
FileSize
rev-granular.patch2.08 KB

Removed node module check to support node types implemented in other modules (e.g. faq, forum, blog etc).

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented

Thanks crea, this patch could come in very handy..
Rik

BenK’s picture

BenK CreditAttribution: BenK commented

Hi crea and Rik,

I'm very excited about these new more granular permissions! It's just what I need. Is the latest patch in #4 applied against an old dev version? I have the latest dev version (2009-Aug-03), so I'm wondering if the patch will work if I try to apply it.

I'd love to get this feature committed to the 6.x-2.x-dev branch ASAP. Let me know if I can do any testing to speed up the process....

Cheers,
Ben

crea’s picture

crea CreditAttribution: crea commented

Why not try applying instead of asking ?

BenK’s picture

BenK CreditAttribution: BenK commented

Hey crea,

I tried out the patch (did quite a bit of testing) and it works really well. It's great to have the ability to set permissions per content type.

In my testing, I did notice one possible bug, but I'm not sure if this is by design:

If a user does NOT have "edit any [contenttype]" or "edit own [contenttype]" permissions, but does have "view revisions of any [contentype]" and "edit revisions" permissions, then I would expect the user to be able to do the following:

* The "Edit Current" tab should be hidden.
* The "Revisions" tab should be visible.
* All revisions except the currently published revision should be editable.

In my testing of the above configuration, however, none of the revisions are editable. Is this the expected behavior or a possible bug?

Regardless, this is probably a minor edge case... nothing that should hold up implementation of the patch.

Thanks for your great work,
Ben

crea’s picture

crea CreditAttribution: crea commented

It's intended behavior. For "edit revisions" Module Grants module checks both if you have "edit revisions" permission and if you have "update" node grant on the node. If "update" node grant could be skipped it would make node access modules useless when used with revisions.
In case you disable "edit [contenttype]" permission, you need to have some access control module that grants "update" access.

BenK’s picture

BenK CreditAttribution: BenK commented

crea,

Thanks for the explanation. Makes perfect sense now. In that case, I think this patch is ready. I've done pretty extensive testing with numerous configurations and everything works as expected.

Rik, is it possible to commit this patch ASAP?

Cheers,
Ben

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented

Thanks crea and Ben,
I may find some time this weekend or Monday. There's some other bits and pieces that need to go in as well, so it's not an entirely straightforward check-in.
Rik

BenK’s picture

BenK CreditAttribution: BenK commented

Thanks, Rik, for your efforts! Really appreciate it....

--Ben

samchok’s picture

samchok CreditAttribution: samchok commented

subscribe

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented

Sorry guys, didn't get round to doing it before my holidays.
Will look at ik on my return.
Rik

BenK’s picture

BenK CreditAttribution: BenK commented

Rik,

When will you be back?

Have a great vacation,
Ben

samchok’s picture

samchok CreditAttribution: samchok commented

I think someone here could be interested, a "View revisions by content type" module has also been released: http://drupal.org/project/view_revisions_by_content_type

crea’s picture

crea CreditAttribution: crea commented

Huh, I think it will conflict with Revisioning or even won't affect it at all, since we use special menu path containing "%vid" instead of just "%". There will probably be collision in permission namespace. Anyway I'm not going to change this patch to make it compatible.

BenK’s picture

BenK CreditAttribution: BenK commented

Hey Rik,

Are you back yet from your vacation? I'd love to get crea's patch in this thread committed to the module as soon as you have a chance....

Thanks,
Ben

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented
Assigned: Unassigned » RdeBoer
Status: Needs review » Fixed

Comitted.
Available in versions dated 21-Nov-09 or later.

crea’s picture

crea CreditAttribution: crea commented

I think you will need to make some corresponding changes in module_grants_node_access() too...

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented

Hmm... I see what you mean.... It's been a while I looked at my own code....
Will update soon....

BenK’s picture

BenK CreditAttribution: BenK commented

Hey Rik and crea,

I'm not sure I fully understand crea's comment in #20.... Does this mean that there needs to be a corresponding change in the Module Grants (http://drupal.org/project/module_grants) module as well?

Thanks,
Ben

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented

Correct.. I will do this soon....
Rik

BenK’s picture

BenK CreditAttribution: BenK commented

Hey Rik,

Just wanted to check in to see the status of the corresponding change in the Module Grants module... Will there be problems if I upgrade to the latest -dev version of Revisioning, but Module Grants isn't yet updated?

Thanks,
Ben

RdeBoer’s picture

RdeBoer
Location Melbourne
CreditAttribution: RdeBoer commented

Hey Ben,
I have upgraded both Module Grants (which now includes Module Grants Monitor as an optional feature) and Revisioning so this feature should now be complete... Versions of 16-Dec-09 or later...
Rik

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.