[development] Moderation bit behavior
merlin at logrus.com
Tue Jul 4 17:18:52 UTC 2006
Dries Buytaert wrote:
> On 04 Jul 2006, at 17:11, Neil Drumm wrote:
>> Right now we have an inconsistency with our moderation bit. Is it
>> supposed to control the visibility of posts, or is that solely dependent
>> on status? 13 queries say it should have an effect and /up to/ 38
>> queries say no.
>> The issue for this is over at http://drupal.org/node/71730.
>> I think the underlying problem may be that published (status) is not
>> mutually exclusive with moderation.
> The original context of the moderate bit is the queue.module. With the
> queue.module, nodes that have both the moderate and published bit set
> were shown to authenticated users, but not to anonymous users.
> Nowadays we have node-level permission, something which wasn't avaiable
> when I originally wrote the queue.module. If the same can be achieved
> with a node-level permission module (and I think it can), it is
> probably best to take the moderation bit behind the barn, and to shoot
> it through the head. It's been a pain for years. :-)
> Taking out the moderation bit should be both easy, fun and rewarding.
> SQL queries get less expensive, the user experience is likely to get
> better, and the code becomes easier to grok.
> Maybe check with the workflow people; I believe they had some concrete
> suggestions about this. Either way, the workflow people figured out a
> mechanism to build arbitrary workflows with complex transition schemes,
> and I'm pretty sure they don't need the moderate bit for that. The
> workflow module is the way forward.
I agree with all this. That said, it would be nice to have 'bits' on the node
object that can be utilized by modules. Adding flags that must be joined in is
kind of annoying, and the moderation bit has its uses. It's very convenient if
core provides something that's easy to utilize.
Also, publication status is not really usable by the node access system. If you
look carefully at the node_access function, you'll note that an unpublished
node *doesn't check* node_access at all, and is only visible to people with
administer nodes permission. Fixing this might actually be kind of nice, but
I've been assuming it was like that for a reason.
More information about the development