How do I allow other users to edit content others have created?
For example, user1 creates a story. user1 can edit the story. How can I give user2 rights to edit the story as well? There is a permission for "edit own content" under stories but there is no "edit all content" under stories. This seems like a severe limitation to me.
Thanks, David
On Wednesday 22 February 2006 12:34 pm, David Grant wrote:
How do I allow other users to edit content others have created?
For example, user1 creates a story. user1 can edit the story. How can I give user2 rights to edit the story as well? There is a permission for "edit own content" under stories but there is no "edit all content" under stories. This seems like a severe limitation to me.
Thanks, David
Modify the code for the story.module.
Specifically, edit line number 32, thusly:
return array('create stories', 'edit own stories');
to something like:
return array('create stories', 'edit own stories', 'edit any stories');
And add something like the following to the story_access() function:
if ($op == 'update' || $op == 'delete') { if (user_access('edit any stories')) { return TRUE; } }
Disclaimer: The above is UNTESTED code for the 4.6.5 version!
On Wednesday 22 February 2006 01:18 pm, David Grant wrote:
Thanks a lot!<br>
<br> My first question is, if I add a permission like this...what happens when I upgrade to 4.7 eventually? Any problems there?<br>
It will work the same way. Currently, in CVS HEAD, the story module has create, edit and delete broken out. create and delete are all or nothing, and edit is user specific.
I just checked out the story.module code... and it looks like the solution might be a bit simpler. Here it is:<br> <tt>if ($op == 'update' || $op == 'delete') {<br> if (user_access('edit own stories') && ($user->uid == $node->uid)) {<br> return TRUE;<br> }<br> }<br> </tt><br> I could just remove the <tt>&& ($user->uid == $node->uid)</tt> which means that "edit own stories" permission now means "edit all stories" because there is no check whether or not they are the owner, just that they have the "edit own stories" permission. There are basically 3 people on the site in a "content creator" role. I want those people to be able to collaboratively edit content (ie. fix their typos, change wording, etc...) like on a wiki.<br>
Yes, you could do that. I didn't know what your situation was, and so I erred on the safe side.
I could break up the logic...so that the <tt>($user->uid == $node->uid)</tt> would be required to delete a story but not to edit it... <br>
<br> I dunno, I'm a bit of a n00b, does this make some sense? Can anyone poke any holes into this idea?<br>
To break out edit and delete, you would want something like this (in place of what is there):
if ($op == 'update') { if (user_access('edit all stories')) { return TRUE; } }
if ($op == 'delete') { if (user_access('delete own stories') && ($user->uid == $node->uid)) { return TRUE; } }
With the relevant changes in the store_perm () function, and again, this is untested.
You could go all out and have all, nothing and any little piece in between, i.e.: create, edit or delete; none, yours or any.
Jason Flatt wrote:
To break out edit and delete, you would want something like this (in place of what is there):
if ($op == 'update') { if (user_access('edit all stories')) { return TRUE; } }
if ($op == 'delete') { if (user_access('delete own stories') && ($user->uid == $node->uid)) { return TRUE; } }
With the relevant changes in the store_perm () function, and again, this is untested.
You could go all out and have all, nothing and any little piece in between, i.e.: create, edit or delete; none, yours or any.
Thanks a lot again for your help.
When I did a quick test yesterday, I just got rid of && ($user->uid == $node->uid) and what happened was the people that weren't the author couldn't delete even though is was under the if 'delete' || 'update'. Not sure why, but that was the behaviour. I found it interesting as well, that the author immediately changed to the new editor, which was a little unwanted/unexpected. I guess there is a hook somewhere to allow users with the 'edit all stories' permission to edit the author information as well... currently I think only user 0 can do that.
Dave
-
David Grant -
Jason Flatt