[support] How-to allow other users to edit content created by others

Jason Flatt drupal at oadae.net
Thu Feb 23 06:07:06 UTC 2006 

On Wednesday 22 February 2006 01:18 pm, David Grant wrote:
>
> Thanks a lot!<br>
> <br>
> My first question is, if I add a permission like this...what happens
> when I upgrade to 4.7 eventually? Any problems there?<br>

It will work the same way.  Currently, in CVS HEAD, the story module has 
create, edit and delete broken out.  create and delete are all or nothing, 
and edit is user specific.

> I just checked out the story.module code... and it looks like the
> solution might be a bit simpler. Here it is:<br>
> <tt>if ($op == 'update' || $op == 'delete') {<br>
> &nbsp;&nbsp;&nbsp; if (user_access('edit own stories') &amp;&amp;
> ($user-&gt;uid == $node-&gt;uid)) {<br>
> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return TRUE;<br>
> &nbsp;&nbsp;&nbsp; }<br>
> &nbsp; }<br>
> </tt><br>
> I could just remove the <tt>&amp;&amp; ($user-&gt;uid ==
> $node-&gt;uid)</tt> which means that "edit own stories" permission now
> means "edit all stories" because there is no check whether or not they are
> the owner, just that they have the "edit own stories" permission. There are
> basically 3 people on the site in a "content creator" role. I want
> those people to be able to collaboratively edit content (ie. fix their
> typos, change wording, etc...) like on a wiki.<br>

Yes, you could do that.  I didn't know what your situation was, and so I erred 
on the safe side.

> I could break up the logic...so that the <tt>($user-&gt;uid ==
> $node-&gt;uid)</tt> would be required to delete a story but not to edit
> it... <br>
> <br>
> I dunno, I'm a bit of a n00b, does this make some sense? Can anyone
> poke any holes into this idea?<br>

To break out edit and delete, you would want something like this (in place of 
what is there):

  if ($op == 'update') {
    if (user_access('edit all stories')) {
      return TRUE;
    }
  }

  if ($op == 'delete') {
    if (user_access('delete own stories') && ($user->uid == $node->uid)) {
      return TRUE;
    }
  }

With the relevant changes in the store_perm () function, and again, this is 
untested.

You could go all out and have all, nothing and any little piece in between, 
i.e.: create, edit or delete; none, yours or any.

-- 
Jason Flatt
http://www.oadae.net/
Father of Six:  http://www.flattfamily.com/ (Joseph, 13; Cramer, 11; Travis, 
9; Angela; Harry, 5; and William, 12:04 am, 12-29-2005)
Linux User:     http://www.sourcemage.org/
Drupal Fanatic: http://drupal.org/

More information about the support mailing list