[development] Moderation bit behavior

Earl Miles merlin at logrus.com
Tue Jul 4 17:18:52 UTC 2006

Dries Buytaert wrote:
> On 04 Jul 2006, at 17:11, Neil Drumm wrote:
>> Right now we have an inconsistency with our moderation bit. Is it
>> supposed to control the visibility of posts, or is that solely  dependent
>> on status? 13 queries say it should have an effect and /up to/ 38
>> queries say no.
>> The issue for this is over at http://drupal.org/node/71730.
>> I think the underlying problem may be that published (status) is not
>> mutually exclusive with moderation.
> The original context of the moderate bit is the queue.module.  With  the 
> queue.module, nodes that have both the moderate and published bit  set 
> were shown to authenticated users, but not to anonymous users.   
> Nowadays we have node-level permission, something which wasn't  avaiable 
> when I originally wrote the queue.module.  If the same can  be achieved 
> with a node-level permission module (and I think it can),  it is 
> probably best to take the moderation bit behind the barn, and  to shoot 
> it through the head.  It's been a pain for years.  :-)
> Taking out the moderation bit should be both easy, fun and  rewarding.  
> SQL queries get less expensive, the user experience is  likely to get 
> better, and the code becomes easier to grok.
> Maybe check with the workflow people; I believe they had some  concrete 
> suggestions about this.  Either way, the workflow people  figured out a 
> mechanism to build arbitrary workflows with complex  transition schemes, 
> and I'm pretty sure they don't need the moderate  bit for that.  The 
> workflow module is the way forward.

I agree with all this. That said, it would be nice to have 'bits' on the node 
object that can be utilized by modules. Adding flags that must be joined in is 
kind of annoying, and the moderation bit has its uses. It's very convenient if
core provides something that's easy to utilize.

Also, publication status is not really usable by the node access system. If you
look carefully at the node_access function, you'll note that an unpublished
node *doesn't check* node_access at all, and is only visible to people with
administer nodes permission. Fixing this might actually be kind of nice, but
I've been assuming it was like that for a reason.

More information about the development mailing list