Sneak Preview

On several of my projects I have needed an option to show people content on a site before publishing it. This could be for contributors to have a sneak peek at their contribution for review, managers having a look at an important page for approval before going online with it or simply people, who were relevant to show stuff before it was publicly available.
In the current Drupal world this would require registering these persons, having them log in and giving them or their roles access to see unpublished nodes.
Not really a good, secure or easy way of doing things.
On a custom CMS I did years ago, I added a link to all articles, which included a code that cleared this particular link to circumvent all the usual permissions and allow people who had this unique link to see the single article before it was published. Once the link was published, the link would just take them to the normal article.

I have created a module for Drupal 7, which allows me to do the same thing on Drupal sites.

Please notice...

A Sneak Preview link

Send a Sneak Preview link to a person, and he or she can click on it and be brought directly to the unpublished node. It only allows the person to see this single node, and the permission can easily be revoked or changed for that node.

An option in the node edit form offers the editor to provide a Sneak Preview link, and when this is checked, the module generates a semi-random link code that can be sent to selected persons, who can then see this node even it's not published.

Installation and configuration

Install the module by adding its folder to sites/all/modules, sites/all/modules/contrib or wherever you store your contributed modules. Go to the modules list and activate it. It will create a small table for it data and urge you to do the following setup, which must be done before the module is of any use.
You need to tell the system two things:

• which content types can be sneak previewed
• who can see sneak previews

Content types

Go to the configuration for Sneak Preview and check the content types you want to allow preview for. You need to have permission to Configure Sneak Preview to do this.

Roles

Go to permissions and select which roles are allowed to see sneak previews. This will normally be anonymous users, meaning that a log in will not be necessary to see sneak previews, but it can of course be any role or roles you want.

Permissions

Sneak Preview adds two permission items:

• Configure Sneak Preview - allow users to edit the configuration of node types that will have a Sneak Preview option
• Allow Sneak Preview - allow users to see unpublished nodes. This is usually granted to the anonymous user, which allows any user to see a node linked by a Sneak Preview link. You can also limit this permission to different registered users, but then the user will have to be logged in to see an unpublished node

Sneak Preview also relies on the administer nodes permission, and only allows users with this permission to see the Sneak Preview tab that is added to the node (in line with View, Edit etc.). You need this permission to add a Sneak Preview link, but then again it's of course needed to edit the node at all, so when you can edit, you can also add a Sneak Preview.

Adding a sneak preview link to a node

Once the node types and permissions are set, you can add a Sneak Preview link by going to the Sneak Preview tab in the bottom of the node form for the relevant node types. Here you can activate the Sneak Preview link, and once the node is saved, it will be generated and provided in a tab above the node together with View and Edit.
You can delete the preview code by unchecking the checkbox Provide sneak preview. When you save the node, the code is deleted. You can also force the system to generate a new code, leaving old Sneak Preview links useless.

Using the Sneak Preview link

When the node is viewed by a user logged in with the administer nodes permission, a tab called Sneak Preview will be seen when viewing nodes with a Sneak Preview code. Click on this tab, and you will see some details about the Sneak Preview as well as a link, which can be copied and sent per mail, or distributed as you please.
Users with this link can now see the node provided they are allowed in permissions.

The code

The sneak preview code is based on the node number and the current time, run through MD5, and is virtually random and pretty difficult to guess (let's just say impossible). The code is used in a URL with the format
/node/nid/preview/code
where nid is the node number and code is the MD5-string, like here.
http://somesite.tld/node/263/preview/1d5bffda47e9b0b2abf6a71c6137349a
Upon generation the code and nid are stored internally in a small table, and on viewing a Sneak Preview link the nid and code from the URL are matched against these data.

If the node has been published, the user is redirected to the publicly accessible node.

If the code has been changed or revoked or is simply wrong, the user gets a permission denied message.

If everything is dandy, the node is shown.

The preview

The preview should look very much like the published node, but since we are circumventing permissions here, there is of course a risk that the Sneak Preview user doesn't see everything or see it exactly as it will eventually appear.
The node will also be styled as an unpublished node (light pink background in many themes), and furthermore links, thickboxed images, blocks and similar things may not work. But the user sees something, which essentially is very close to the finished node.
The title Sneak Preview and a Drupal message is added to the page to tell the user of this.
The preview is a single and unique "permission breach", and in no way permanent. It leaves no traces with the user or other traces in Drupal than statistics and similar information. It doesn't assign the user any special role or change the node.