Can a user be locked out of editing published resources?

Hi,

We are looking to create 2 types of user

• An Author who can add and edit a new resource but NOT publish
• An Editor who can add, edit and delete resources and publish

This is to allow a process where an Author's new pages need checked and approved and made live by an Editor who can publish.

We have managed to achieve this with user groups and ACLs
(thanks to Bob's wonderful guide at http://bobsguides.com/revolution-permissions.html)

The problem is that the Author user is then able to edit any of the published resources.
Is there any way to lock an Author down to not be able to edit published resources?

Much scratching of head here... can't see how this can be done!
If anyone has any ideas on how this could be achieved it would be most helpful.

thanks

Ian

Create and save permissions but not edit? I haven't tried that combination yet, though.

We made a CMP with MIGXdb (see childresources tutorial) where editors can only create new resources (into a defined folder), and see/edit only unpublished resources in his grid.

Quote from: sottwell at Jun 20, 2014, 03:02 PM

Create and save permissions but not edit? I haven't tried that combination yet, though.

Hi

Many thanks for the idea.
I just experimented with this using an access policy with create_document allowed and edit_document not.
When I clicked save on a new resource it took me to a white page with

Error!
Access denied.

Then on manager page refresh it has the item in the site tree but when I click on it there is no access to the edit page as I would have expected.
And when I login as admin I see the unpublished new resource looks okay.

So.... in theory that kinda worked but...

It coming up with "error access denied" on a white page is extremely unfriendly and undesirable.

And the main idea of having an Author is for them to be able to "work on a page": i.e. create, save it, preview, go back and make edits and preview again... repeat until complete.
Then they would pass it to an Editor to publish the page.

So I come back to the same problem.
I need Authors to be able to edit ONLY unpublished pages.
and to be blocked from editing published pages

I strongly suspect the MODx system cannot do this out the box.
I would imagne that this would need extra plugin functionality, but I don't know how to approach that.
Does anyone know how to write a plugin that would block a sepcific user group from editing published pages?

cheers

Ian.

Right. Well, then, a plugin should work. OnBeforeDocFormSave, and if "published" is checked, but the user doesn't have "publish" permission, then disallow the savinging.

Here's another way to go. It adds published documents to a protected resource group.

Create a Resource group called "Pubbed" and connect it to the Editor user group with a Resource Group Access ACL entry with a context of 'mgr'.

Create a plugin attached to OnDocFormSave with this code:



Note that this will make the published resources disappear from the tree for users who can't edit them. If that's not OK, you can add another ACL entry to give them "Load, List, and View" access to the Pubbed resource group.

BTW, as an occasional page author, I can tell you that your authors are likely to complain bitterly about this setup. It's maddening to find a typo or factual error in something you've written and not be able to fix it. It's pretty standard to be able to edit your own work, though I can imagine use cases where it would be inappropriate.

You could have a user group of "TrustedAuthors" who had full access to the Pubbed resource group.

[ed. note: BobRay last edited this post 9 years, 10 months ago.]

Hi Bob,

Many many thanks, that sounds like an elegant solution.
I'm all coded out for the week, but will pursue this plan on Monday and I'll let you know how I get on.

I agree with you about not restricting Author users like this, IMO there should always be a level of trust, and of course the logs can always show anyone who abuses the trust. However this is a very specific client request so we have to do it, grumble grumble

Thanks again Bob, and I hope you have a good weekend

Regards

Ian

Clients can definitely have some goofy opinions on how things should be done.

Maybe the client is not aware that you can set things up so that people can only edit the pages that they, themselves, created.

you can set things up so that people can only edit the pages that they, themselves, created.

Hi Bob,

I wasn't aware that was possible, would you please be able to explain the mechanics of setting that up.
If you could that would be most helpful.

I think that would be very useful for the bloggers user group that we plan to set up.

thanks

Ian.

http://bobsguides.com/user-specific-pages.html