Doesn't work with arbitrary revisions with Content Moderation

Created on 7 April 2021, over 3 years ago

Updated 23 July 2024, 4 months ago

Problem/Motivation

With core's Content Moderation module enabled, entities such as nodes can have multiple revisions. Where this intersects with this module is the case where a node has a draft revision, that is, an unpublished revision that is newer than the published revisions, like this:

- revision 3 - unpublished
- revision 2 - unpublished
- revision 1 - published

In this example, the path /node/ID/latest shows revision 3, and with the AU token, this can be visible to anon users.

The path node/971/revisions/2/view shows revision 2, but even with the AU token, this is not visible to anon users.

The problem appears to be that on the node/971/revisions/2/view path, access_unpublished_entity_access() gets an $entity that reports to be published, with revision ID 1, rather than 2.

I'm not sure what's going on here. Core's NodeRevisionAccessCheck is correctly checking access on the right revision, so I don't know why by the time hook_entity_access() gets invoked, it's the active revision.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

1.0

Component

Code

Created by

🇬🇧United Kingdom joachim

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 year ago →
JSchref
If you landed here, like I did, there are two other modules which allow token access and may address this requirement for you:

https://www.drupal.org/project/node_authlink →
Provides tokenized access to provide any of a variety of configurable actions on content revisions, not just the latest revision.

https://www.drupal.org/project/preview_link →
Provides a preview link that is tokenised, and therefore bypasses access control to allow any user to view the latest revision of an entity.

I hope this helps the next guy, even if it doesn't address the issue for this particular module. :)
Comment 4 months ago →
🇺🇸United States justcaldwell Austin, Texas
Thanks @JSchref for pointing me to node_authlink. You did help the next guy. 🙏

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024