Contrib.social

If user doesn't have access to scheduled state, they are unable to edit the scheduled content

Open on Drupal.org โ†’
Created on 26 January 2023, over 1 year ago
Updated 15 May 2024, about 1 month ago

Problem/Motivation

I have a scenario where non-admin users create content, provide a proposed publication date, and submit it for review. Then admin users approve the content and schedule the transition. But once the content is scheduled, the original non-admin authors cannot edit and resubmit the content for review. This might be the way the module is intended to work, but it does not work for my situation.

I read through the code for this module, and believe this is the direct result of the scheduler_content_moderation_integration_entity_access() function. This function looks at the scheduled publish and/or published states and evaluates if the current user is allowed to perform a transition to them. Like a "publish now" or "unpublish now" feature, if you will. In my scenario, the user cannot publish, so the result is that they cannot do any other transitions, even if they have the proper permission to perform them. So I'm quite confused why this function even needs to exist. Why can't we let moderation's transition permissions handle whether the user can update an entity? The amount of transitions available because of scheduler_content_moderation_integration_entity_access() is always going to be less than moderation's core permissions. Why?

Proposed resolution

TBD

Remaining tasks

Clarify the reason why this module further limits current potential transitions for scheduled content. If there is a use case, perhaps make this functionality optional.

User interface changes

TBD

API changes

TBD

Data model changes

TBD

๐Ÿ› Bug report
Status

Active

Version

3.0

Component

Code

Created by

๐Ÿ‡บ๐Ÿ‡ธUnited States pianomansam

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @pianomansam
  • Comment over 1 year ago โ†’
    ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave

    Can look at it more later this week. But essentially when you do a schedule you are saying this revision needs to be published. If you let a user then edit it and create a new revision then the schedule would need to be cancelled out. Not sure if thatโ€™s peopleโ€™s desired behavior though.

  • Status changed to Postponed: needs info over 1 year ago
  • Comment over 1 year ago โ†’
    ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave

    For #2

    Under the current described workflow it would seem once an approver sets the scheduler if an editor can go in and edit then they can get around the reviewer and publish what they want.

  • Comment over 1 year ago โ†’
    ๐Ÿ‡บ๐Ÿ‡ธUnited States pianomansam

    Under the current described workflow it would seem once an approver sets the scheduler if an editor can go in and edit then they can get around the reviewer and publish what they want.

    That would only happen if the editor has permission to perform a workflow transition that would publish it. In my scenario, the permissions on workflow transitions don't allow a non-admin (editor) to perform any transition into a published state.

    Here's the list of my workflow states:

    1. Draft
    2. Needs Review
    3. Scheduled
    4. Published
    5. Archived

    Non-admins (editors) have permission to perform the following transitions:

    1. Save Draft (Draft, Needs Review -> Draft)
    2. Submit for review (Draft, Needs Review, Scheduled, Published, Archived -> Needs Review)

    Admins (approvers) can do the above but also:

    1. Schedule (Needs Review -> Scheduled)
    2. Publish (Draft, Needs Review, Archive -> Published)
    3. Archive (Published -> Archive)

    However, because scheduler_content_moderation_integration_entity_access() limits the transitions to the ones stored at $entity->publish_state and $entity->unpublish_state, non-admins (editors) cannot perform either of their transitions.

    So again I ask, why does this module tinker with workflow transition permissions? If the transition permissions are incorrectly configured, that's not this module's fault. IMHO, this module should only worry about scheduling one transition to another, not changing how the core transition permissions work. Unless it has a certain reason to do so, and then only if the opted into.

  • Status changed to Active over 1 year ago
  • Comment over 1 year ago โ†’
    ๐Ÿ‡บ๐Ÿ‡ธUnited States pianomansam
  • Comment 8 months ago โ†’
    ๐Ÿ‡บ๐Ÿ‡ธUnited States joewhitsitt Iowa

    We have just recently run into this in setting up the module for our sites. We have a similar role that can create, edit but not schedule/publish who are locked out from making edits until the scheduled date is processed.

    We are adding messages alerting the users that this is the case so they don't get confused why they can edit other nodes of this type but not these.

  • Comment about 1 month ago โ†’
    ๐Ÿ‡บ๐Ÿ‡ธUnited States smustgrave
contrib.social Blog FAQ Discussions
Production build 0.69.0 2024