[drupal-devel] [bug] node_validate does not respect group editing
Issue status update for http://drupal.org/node/11071
Post a follow up: http://drupal.org/project/comments/add/11071

Project: Drupal
-Version: 4.5.2
+Version: cvs
Component: node.module
Category: bug reports
Priority: normal
Assigned to: Anonymous
Reported by: mathias
Updated by: killes@www.drop.org
-Status: active
+Status: patch (code needs review)

This patch still applies. I don't immediately see why this is related to the revisions patch.

killes@www.drop.org

Previous comments:
------------------------------------------------------------------------

Sat, 25 Sep 2004 18:23:13 +0000 : mathias

With the new node-level access permissions, it is entirely possible for users in the same role, or having the same taxonomy term, to edit each other's nodes. However, when this happens, node_validate will transfer ownership of the node to the user who last edited it. I think this behavior should be changed so that original authorship is always maintained unless specifically transferred.

The problem lies in node_validate, here:

    $node->uid = $user->uid ? $user->uid : 0;

Since an alteration such as this could introduce an exploit, I'm wondering what others feel would be the best solution? I was working on a role-based editing permissions module (based on JonBob's nodeperm_role.module) where the author of a node controls which groups can view/edit their post.

------------------------------------------------------------------------

Sat, 25 Sep 2004 21:34:00 +0000 : mathias

Attachment: http://drupal.org/files/issues/node_perm.patch (655 bytes)

Here is a proposed patch, which would then allow node authors to choose which users could view/edit their post.

------------------------------------------------------------------------

Tue, 21 Dec 2004 16:42:24 +0000 : moshe weitzman

seems simple enough to me. we ought to protect against unintentionally changing the author, right?

+1

------------------------------------------------------------------------

Mon, 27 Dec 2004 09:16:57 +0000 : Dries

Hopefully, this will become easier/clearer as soon as the revisions patch hits CVS. Let's revisit this soon.

------------------------------------------------------------------------

Wed, 23 Feb 2005 05:52:26 +0000 : tangent

As requested in this issue [1], it may be desirable for users with the permission to do so to change the owner of a node.

[1] http://drupal.org/node/17267

------------------------------------------------------------------------

Tue, 08 Mar 2005 20:57:14 +0000 : Dries

Waiting for the node revision patch to land.
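
The ownership behaviour discussed in this thread, as an added stand-alone example. It is not Drupal's node.module and not the attached node_perm.patch; the function names and the $may_reassign flag are hypothetical. It contrasts the assignment quoted from node_validate with a variant that keeps the stored author unless a permitted user explicitly transfers the node.

```php
<?php
// Added illustration: not Drupal's node.module and not the attached node_perm.patch.
// Function names and the $may_reassign flag are hypothetical.

// Behaviour described in the report: every save stamps the editor as author.
function resolve_uid_overwriting($editor_uid) {
  return $editor_uid ? $editor_uid : 0;
}

// Ownership-preserving variant.
//   $stored_uid     author already stored for the node, NULL for a new node
//   $submitted_uid  uid sent with the edit form, NULL if the form sent none
//   $editor_uid     user saving the node (0 = anonymous)
//   $may_reassign   TRUE only if the editor is allowed to change authorship
function resolve_uid_preserving($stored_uid, $submitted_uid, $editor_uid, $may_reassign) {
  if ($stored_uid === NULL) {
    // New node: the creator becomes the author.
    return $editor_uid ? (int) $editor_uid : 0;
  }
  if ($may_reassign && preg_match('/^\d+$/', (string) $submitted_uid)) {
    // Explicit transfer by a user permitted to make it.
    return (int) $submitted_uid;
  }
  // Any other edit keeps the stored author, even if the request carries a uid field.
  return (int) $stored_uid;
}

// Constructed scenario: node authored by uid 5, edited by uid 9 from the same group.
$cases = array(
  'overwriting: group member edits' => resolve_uid_overwriting(9),
  'preserving: group member edits' => resolve_uid_preserving(5, NULL, 9, FALSE),
  'preserving: uid field sent without permission' => resolve_uid_preserving(5, 9, 9, FALSE),
  'preserving: permitted transfer to uid 7' => resolve_uid_preserving(5, 7, 1, TRUE),
  'preserving: new node created by uid 9' => resolve_uid_preserving(NULL, NULL, 9, FALSE),
);
foreach ($cases as $label => $uid) {
  printf("%-48s author uid = %d\n", $label, $uid);
}
```

The third case is the one relevant to the exploit concern raised in the report: a uid supplied with the request is ignored unless the editor is allowed to reassign authorship.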