Problem/Motivation

We have some slightly-more-complex-than-usual workflow requirements that state once an author has transitioned a piece of content into the review state, they should not be able to edit it again.

Proposed resolution

To allow this, I propose adding "edit content in X state" permissions. This would give a flexible way for administrators to provide more granular control over each workbench state.

There could potentially be a on/off switch for these permissions in the global workbench settings as to not break existing functionality?

Remaining tasks

Implement.
Tests?

User interface changes

Added permissions and potentially a new configuration item to turn said permissions on.

CommentFileSizeAuthor
#15 2708855-edit-permissions-access-check-15.patch5.4 KBacbramley
#10 interdiff.txt650 bytesacbramley
#10 2708855-edit-permissions-access-check-10.patch6.24 KBacbramley
#3 2708855-edit-permissions-access-check-3.patch5.3 KBacbramley
#2 2708855-edit-permissions-access-check-2.patch44 bytesacbramley

Comments

acbramley created an issue. See original summary.

acbramley’s picture

acbramley commented
Status: Active » Needs review
StatusFileSize
new 2708855-edit-permissions-access-check-2.patch44 bytes

Initial patch to see what breaks.

One thing that is confusing me: I tried to use AccessResult::neutral() in the 2 places where it does the parent::access() call instead as that seems to be what you're supposed to do but that just resulted in access denieds across the board. I've had the same issue before and I'm not sure why.

acbramley’s picture

acbramley commented
StatusFileSize
new 2708855-edit-permissions-access-check-3.patch5.3 KB

Lets try that again.

The last submitted patch, 2: 2708855-edit-permissions-access-check-2.patch, failed testing.

The last submitted patch, 2: 2708855-edit-permissions-access-check-2.patch, failed testing.

The last submitted patch, 2: 2708855-edit-permissions-access-check-2.patch, failed testing.

Status: Needs review » Needs work

The last submitted patch, 3: 2708855-edit-permissions-access-check-3.patch, failed testing.

The last submitted patch, 3: 2708855-edit-permissions-access-check-3.patch, failed testing.

The last submitted patch, 3: 2708855-edit-permissions-access-check-3.patch, failed testing.

acbramley’s picture

acbramley commented
StatusFileSize
new 2708855-edit-permissions-access-check-10.patch6.24 KB
new interdiff.txt650 bytes

Adding permissions to the moderation state admin test user.

acbramley’s picture

acbramley commented
Status: Needs work » Needs review
rooby’s picture

rooby commented

Shouldn't this be handled by the workbench access module?

acbramley’s picture

acbramley commented

That's a good point, we'll see what the maintainer thinks.

acbramley’s picture

acbramley commented

Just reading the first 2 paras of that module, it doesn't seem to fit this feature request.

Workbench Access creates editorial access controls based on hierarchies. It is an extensible system that supports structures created by other Drupal modules.

When creating and editing content, users will be asked to place the content in an editorial section. Other users within that section or its parents will be able to edit the content. A user may be granted editorial rights to a section specific to his account or by his assigned role on the site.

This is specifically edit permissions based on workbench state. Nothing to do with hierarchies, sections, etc.

acbramley’s picture

acbramley commented
StatusFileSize
new 2708855-edit-permissions-access-check-15.patch5.4 KB

Rerolled against HEAD.

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
commented
Issue tags: +Needs tests

We discussed this at DrupalSouth 2016.

I think this code should be a sub-module (or it could even be it's own module).

Mainly because that would give someone the chance to disable it if they didn't want it.

It should slot in on top of existing functionality in its own module.

Also, given we're dealing with access (and therefore security) here, we need tests.

acbramley’s picture

acbramley commented
Status: Needs review » Closed (won't fix)

Thanks Lee, looks like there's a couple of 7.x modules out there already so moving to #2824135: Drupal 8 port

Cheers