Submitted by patrick on Thu, 05/28/2009 - 22:09
Posted in
Picture this situation: You are on vacation, taking a walk through the city and all of a sudden you bump into a crowd of people, gathered around Steve Jobs from Apple Inc., who is giving away iPhones for free.
That is basically the kind of event, all bloggers are dieing for, a first hand account of a sensation and the chance to be the first one to report it. The only problem here is, that you are far away from your computer and by the time you'd get home again, this would be old news and therefore nothing to blog about anymore. Since you cannot afford to wait, your only chance is to find a an internet cafe or a public library with internet access, which directly puts you into a dilemma. On one hand, you need to log into your website, but on the other, your main account may have administrative powers or at least enough privileges to vandalize your blog. Can you really trust a public computer not to have some kind of spyware installed? What if you forget to log out again? Do you really want to risk your website's security and integrity over being the first one to write about the event?
What you'd need in this kind of situation is a second, low privilege account, which may only post blog entries and automatically transfers ownership of new posts to your main account, so they end up in the correct RSS feed and are also safe from vandalism, in case that second account gets compromised.
The easiest way to implement such a feature would be to use the action/trigger system of the Drupal core. Unfortunately, the best it can do is to transfer the ownership of every new node of every user to one designated account, which can be a severe limitation or even a criterion for exclusion in a lot of cases. So, let's see, if we cannot build something a bit more flexible.
First thing to do is to create an account "mobile" and a corresponding role "mobile role". Assign the role to the account and make sure, the only permission it has, is to create new blog entries. Editing or deleting privileges are not needed (thats the whole point behind this, after all).
Next, download and enable the Rules module. Create a new triggered rule with the name "Chown node". Set the triggering event to "After saving new content". Add the two conditions "Content has type" with the type "Blog entry" and "User has role(s)" with the value "mobile role". This will make sure, that the rule only fires in case the mobile user creates a new blog post.
Last but not least, add the action "Execute custom PHP code" and enter the code snippet below.
$node->uid = 1;
return array("node" => $node);
Replace the "1" with the numerical user id of the account, you want to transfer ownership to. To find out the UID of your main account, simply visit it's profile. The UID will be encoded in the URL.
In case your website hosts multiple blogs for multiple users, who all want a sandbox account for safe publishing, the code should look like this:
switch ($user->uid) {
case 3: {
$node->uid = 1;
break;
}
}
return array("node" => $node);
You need to add one case block per user, who has a mobile account. The number after the the case statement is the UID of the mobile account. The number after $node->uid is, again, the UID of the account to transfer ownership to. In the example above, Ownership would be transferred from user 3 to user 1 (the administrator).
Similar posts
- Putting a notepad into Drupal's sidebar
- Protecting your website's content from deep linking, when using the Drupal CMS
- Don't use Drupal's blog module unless you intent to build a blog hosting site
- Adding automatic MD5 or SHA1 checksum calculations to file downloads with Drupal
- Distilling blog posts into books and preventing premature leaks while drafting