When an anonymous user is viewing my site and goes to an article or a blog there is a "View | Workflow" menu in the top right corner. I have the permissions pretty locked down, even for authenticated users, but I CANNOT figure out how to get rid of this menu for anonymous. If they click workflow they can see the workflow of the document.

How do I fix this and get rid of that menu?

(example, www.thegrindery.com, click any article or blog)

Comments

arcall’s picture

arcall commented

I have the same issue here. Even tried to create a simple workflow but still remain.

arcall’s picture

arcall commented

Jerzakie, your web site seems to be ok, did you find the solution ?

Best regards,

aenw’s picture

aenw commented

I was having the same problem, but found this:
http://drupal.org/node/1052176 that points out that the Workflow summary is a View. So if you have your permissions set such that anonymous users can see all views, they're going to be able to see this one.
In my case, I just changed user permissions so that anonymous users cannot see all views, and that worked fine for my site. But perhaps there are cases were the solution will involve more attention to specific views and permissions.

arcall’s picture

arcall commented

I have found this guy who wrote a patch for workflow.module based on permission ! Work perfectly for me http://drupal.org/node/785194

jerzakie’s picture

jerzakie commented

It's weird it shows up on some posts, and not other and I can't see any difference between them. The patch did not help and I already had the workflow permission set :(

jerzakie’s picture

jerzakie commented
Component: Miscellaneous » Code
Category: support » bug

Ok I figured it out. I think this is a bug. If you have a node (article or blog in this case) and set the author as anonymous (ex, remove the author name from the box) this View and Workflow links will show up. If there is an author in there they do not show up.

sunskr’s picture

sunskr commented
Project: OpenPublish » Workflow
Issue summary: View changes

Hi

Anonymous’s picture

Anonymous (not verified) commented
Project: Workflow » OpenPublish
Status: Active » Postponed (maintainer needs more info)

Are you still having this issue? I'm not able to replicate it.

Anonymous’s picture

Anonymous (not verified) commented
Status: Postponed (maintainer needs more info) » Closed (fixed)

No response in 2 weeks. Please re-open if this is still an issue.

sylvaticus’s picture

sylvaticus commented
Project: OpenPublish » Workflow
Version: 6.x-1.x-dev » 6.x-1.5
Status: Closed (fixed) » Active

Hello, I have the same behaviour: if the node is without a defined author (anonymous) all anonymous users can see the workflow tab (history).
However on my imported content I can't put the author but I would still like my anonymous users to not be able to see the history.
I think this bug refer to the workflow module rather than openpublish.

Mirroar’s picture

Mirroar commented

@sylvaticus
If you edit your workflow, you will find a section specifying who can see the workflow tab on nodes. If "author" is activated, anonymous users will be able to see the workflow tab on any nodes that don't have an author set (because the node was created by "anonymous", so every anonymous user is considered to be the "author")

sylvaticus’s picture

sylvaticus commented

@Mirroar
Thank you. I understand the logic, however I think that there should be a logic that if author is anonymous and anonymous users are specifically not allowed to see the workflow tab, they should be denied access, whatever they are the "authors" of that specific node.
I don't think this would negativelly impact any different user case.

[edit]Otherwise for the same logic, if author is allowed to make modifications on a node type and one node in anonymous, all anonymous users would be able to edit the node! That's (luckily) not the case in Drupal, so we should just keep the same behaviour with the "see workflow tab" permission :-) [/edit]

yan’s picture

yan commented
Title: Anonymous users can see a "View | Workflow" menu on articles, can view workflow history » Disallow access to workflow history to anonymous users
Version: 6.x-1.5 » 6.x-1.x-dev
Priority: Normal » Critical

Wow, I think that's really a critical issue. My settings allowed "authors" to see the workflow history and suddenly, when I removed the author from a node, the workflow history became public. I think that's very bad - in my case it revealed the title of the node and users that worked on it to the public and also to search engines, although that information shouldn't be accessable!

yan’s picture

yan commented
Issue summary: View changes

How can someone else edit anyone's message here?

johnv’s picture

johnv
Primary language Dutch
commented
Issue summary: View changes
Status: Active » Closed (duplicate)

The following issue has a patch for this problem:
#437874: Every anonymous user has author role access to nodes with 'anonymous' author (D6)