How do I let users unpublish and publish their own content?

Question

I want to let users unpublish and publish their own content. By default, you have to give "administer nodes" permission for users to be able to unpublish or publish content. That is way to broad though. I want to let users unpublish or publish a node if and only if they created it. This also means they should be able to view unpublished nodes if and only if they created it.

Answer 1

A UI approach which I have used on some sites is the Override Node Options module, adds permissions similar to those that my other answer provides, plus a bunch extra.

Answer 2

We always use the Publish Content module for that. It adds a number of fine-grained permissions and a publish/unpublish tab on nodes.

This module

• enables granular publish and unpublish permissions:
  • global (un/publish any content)
  • per "node type" (un/publish any [nodetype] content)
  • per user (un/publish own [nodetype] content
• adds a "Publish/Unpublish" tab to the node page for one-click un/publishing.
• exposes publish/unpublish links to your views, making it easy to streamline workflows for reviewers, editors and publishers.
• is lightweight and always will be.

Answer 3

I'd recommend using the Revisioning Module which gives you a few benefits over the above methods. One of course is that it is a fully maintained module and thus there will be a lot of eyes on the code and plenty of bug fixes. Two, you will get more features to fit this into your overall workflow.

For your use case, gives your users both the "creator" permissions and the "moderator" permissions, so they can basically moderate their own content, but as says in the module description, they are not given god-like powers such as giving 'administer nodes' would give.

Answer 4

There is a module that does this, but I can't quite remember the name. I actually felt that the approach the module took was too cumbersome, it had a lot of code when the actual important code was only really one line wrapped with some permission logic.

This is my version of the code:

function MYMODULE_perm() {
  $perms[] = 'administer status of any content';

  foreach (node_get_types() as $type) {
    if (isset($type->type)) {
      $perms[] = 'administer status of any '. check_plain($type->type) .' content';
      $perms[] = 'administer status of own '. check_plain($type->type) .' content';
    }
  }

  return $perms;
}

function MYMODULE_form_alter(&$form, &$form_state, $form_id) {
  if ($form['#id'] == 'node-form' && $form_id == "{$form['#node']->type}_node_form" && _MYMODULE_access($form['#node']->type)) {
    if ($form['options']['#access'] == FALSE) {
      $form['options']['#access'] = TRUE;
    }
  }
}

function _MYMODULE_access($type) {
  return user_access('administer status of any content')
      || user_access('administer status of any ' . check_plain($type) . ' content')
      || user_access('administer status of own ' . check_plain($type) . ' content');
}

That adds a few extra permissions that allow you to allow users to publish/unpublish their own or all of a content type, and all content types, set how you wish.

Answer 5

I just want to update Decipher answer, witch seams to me the best approach if you do not want to add another module, to fit for Drupal 7 :

/**
 * Implements hook_permission().
 */
function MYMODULE_permission() {  
  $perms = array(
    'administer status of any content' => array(
      'title' => t('Administer status for all content type'),
      'description' => t(''),
      'restrict access' => true
    ),
  );

  foreach (node_type_get_types() as $type) {
    if (isset($type->type)) {
      $perm_types = array(
        'administer status of any '. check_plain($type->type) .' content' => array(
          'title' => t('Administer status of any '. check_plain($type->type) .' content'),
          'description' => t(''),
        ),

        'administer status of own '. check_plain($type->type) .' content' => array(
          'title' => t('Administer status of own '. check_plain($type->type) .' content'),
          'description' => t(''),
        ),
      );
      $perms = array_merge($perms,$perm_types);
    }
  }

  return $perms;
}


function MYMODULE_form_alter(&$form, &$form_state, $form_id) {
  if (preg_match('/_node_form$/', $form_id) && _MYMODULE_access($form['#node']->type)) {
    if ($form['options']['#access'] == FALSE) {
      $form['options']['#access'] = TRUE;
    }
  }
}

function _MYMODULE_access($type) {
  return user_access('administer status of any content')
      || user_access('administer status of any ' . check_plain($type) . ' content')
      || user_access('administer status of own ' . check_plain($type) . ' content');
}

Answer 6

You can achieve this by combining the power of the Flag and Rules modules.

1. Create a new Flag Publish and give users permission to only flag their own content.
2. Next, add a new Rule that triggers when a node is flagged and that publishes the flagged node. Similarly, create a second Rule that unpublishes nodes which are unflagged under Publish.
3. Finally, give users permission to see their own unpublished nodes and add a Publish link to the node's pages.

Answer 7

The content access module should cover what you want.

This module allows you to manage permissions for content types by role and author. It allows you to specifiy custom view, edit and delete permissions for each content type. Optionally you can enable per content access settings, so you can customize the access for each content node.