Making articles editable *only* by Author

I wanted to have articles edited only by the ones who create them (Author) and provide the Author a way to manually allow additional authors to edit the article.

As the goal of this article is to limit control over the News articles, it seems logical to create a group of editors that don't have permission to remove articles, not? To achieve this, just make sure the article editors don't have the "Delete News Articles" permission...

  1. - Create a new folder: /module_custom/News/templates
  2. - Create the files "editarticle.tpl" & "articlelist.tpl" in to the folder you just created

The contents of the /module_custom/News/templates/articlelist.tpl file:

{capture assign='adminname'}{$smarty.session.cms_admin_username}{/capture}
{if $adminname != '##REPLACE_WITH_YOUR_ADMIN_USERNAME##'}
    {assign var='statustext' value='REPLACED'}
    {include file='file:##REPLACE_WITH_YOUR_ABSOLUTE_PATH##/modules/News/templates/articlelist.tpl' assign='capturedtemplate'}
    {$capturedtemplate|regex_replace:"/(<th class=\"pageicon\">REPLACED<\/th>)/":""|regex_replace:"/(<td)(.)*?(icons\/system\/true.gif|icons\/system\/false.gif)(.)*?(<\/a><\/td>)/":""}
{else}
    {include file='file:##REPLACE_WITH_YOUR_ABSOLUTE_PATH##/modules/News/templates/articlelist.tpl'}
{/if}

To avoid users (easily) publishing and unpublishing each others articles, we want to remove these buttons from the article list view. Authors and "additional authors" will still have the possibility to publish/unpublish while editing the articles.

The code above will first "reset" the statustext to something generic. Why? because this text would change when the user switches languages and we don't want to write regex_replace codes for all languages ;)

The "include" grabs regular teplate code from the News module and assigns it to the "capturedtemplate" variable.

Next, we show the "capturedtemplate" variable while removing the unwanted code with regex_replace. (the whole publish/unpublish column)

The contents of the /module_custom/News/templates/editarticle.tpl file:

{assign var='new_startform' value=$startform}
{assign var='new_endform' value=$endform}
{assign var='startform' value=''}
{assign var='endform' value=''}

{$new_startform}

{capture assign='adminname'}{$smarty.session.cms_admin_username}{/capture}
{if substr_count($extravalue, $adminname)}{assign var='editor' value='1'}{/if}
{if $adminname == "$inputauthor" || $adminname == '##REPLACE_WITH_YOUR_ADMIN_USERNAME##' || $inputauthor == '' || $editor == '1'}
{include file='##REPLACE_WITH_YOUR_ABSOLUTE_PATH##/modules/News/templates/editarticle.tpl'}
{else}<strong style="color: red;"> This article has been created by an other user ({$inputauthor}).
Cet article a été créé par un autre utilisateur ({$inputauthor}).
Dit artikel werd aangemaakt door een andere gebruiker ({$inputauthor}).</strong>{/if}

{$new_endform}

This will allow the following scenarios where the article content can be edited:

  • - The logged in user is the author
  • - The logged in user is the admin (probably you ;)
  • - No author has been set (allows creation of new articles)
    • - - ps: As a consequence, if you remove a user login from the CMSMS installation, his or her articles become editable by everyone else...
  • - The logged in user is an "additional editor" (entered manually by the original Author)

When editing or creating an article, the Author may enter user names of the "additional editors" in the Extra field separated by comma's (or not ;-)

Next, we will stop the content editors from messing around in the custom fields and category tabs. This while off course allowing access to these features for ourselves :)

  • - Create the files "customfieldstab.tpl" & "categorylist.tpl" in to the module_custom/News/templates folder

The contents of the /module_custom/News/templates/customfieldstab.tpl file:
(If you don't want editors testing out what would happen if they edit your custom field definitions...)

{capture assign='adminname'}{$smarty.session.cms_admin_username}{/capture}
{if $adminname != '##REPLACE_WITH_YOUR_ADMIN_USERNAME##'}
<p style="color:red;">Deze functie is niet beschikbaar</p>
<p style="color:red;">Cette fonctionnalit&eacute; n'est pas disponible</p>
<p style="color:red;">This feature is not available</p>
{else}
{include file='file:##REPLACE_WITH_YOUR_ABSOLUTE_PATH##/modules/News/templates/customfieldstab.tpl'}
{/if}

The contents of the /module_custom/News/templates/categorylist.tpl file:
(If you don't want editors messing up your hard coded categories...)

{capture assign='adminname'}{$smarty.session.cms_admin_username}{/capture}
{if $adminname != '##REPLACE_WITH_YOUR_ADMIN_USERNAME##'}
<p style="color:red;"><a href="##URL##" target="_blank">Contacteer ##COMPANY##</a> om een categorie toe te voegen</p>
<p style="color:red;"><a href="##URL##" target="_blank">Contactez ##COMPANY##</a> pour ajouter une cat&eacute;gorie</p>
<p style="color:red;"><a href="##URL##" target="_blank">Contact ##COMPANY##</a> to add a category</p>
{else}
{include file='file:##REPLACE_WITH_YOUR_ABSOLUTE_PATH##/modules/News/templates/categorylist.tpl'}
{/if}

Can this be used with CGBlog?

Yes! the only difference: the code from module_custom/News/templates/categorylist.tpl should be placed in module_custom/CGBlog/templates/admin_categoriestab.tpl.
Don't forget to change the "include file" to admin_categoriestab.tpl and don't forget to change your paths from "News" to "CGBlog" everywhere...

ps: I've also posted this article on the forum.
ps2: A shout in the comments if you like what you see is appreciated :)

Greetings,
Manuel

a2 Hosting

Comments