Add 'Access unpublished' module to GovCMS #936
Comments
|
There's a few security considerations we would need to consider on this module request. The possibility of leaking information, especially when considering embargoed content might be at risk if links are shared anonymously could be high in this scenario. I'm keen to hear from anyone else on their thoughts on this module or other alternates that could better and possibly more securely work when considering user accounts and sharing information before go live. There's the option to of course create user accounts with permissions to only view unpublished content and not have other access (such as editing accounts). |
|
Module link - https://www.drupal.org/project/access_unpublished |
|
Since this feature would primarily be used to send to executive and managers for approval of content that is going out to the public anyway, I don’t know that the risk is that high? i.e preview links are temporary and sent to very select high level APS staff. |
|
Depends on if it's forwarded to people outside the department. |
|
We've got an event coming up on the GovCMS side which could solve this problem from another angle - https://www.govcms.gov.au/news-events/events/august-online-meetup-functionality |
** What value does this module/package add to GovCMS?
Grants access to view unpublished content (node, media, anything that implements EntityPublishedInterface) to anyone who has a unique URL and appropriate permissions.
** Is the module Drupal 10 compatible?
Yes
** Please provide a brief outline of what this module does.
This is an easy to use module that grants access to view unpublished content (node, media, anything that implements EntityPublishedInterface) to anyone who has a unique URL and appropriate permissions. This module is useful for proofreaders, content checkers etc. Webmaster does not need to create user accounts and can keep the website safer. Each content item has its own unique access URL.
Users on unpublished content edit forms can see a “Temporary unpublished access” tab in the sidebar. All access tokens for this entity are listed there and it’s possible to generate new ones, delete tokens or renew them after they are expired.
** Who does this module benefit:
[ ] end users
[X] content editors
[ ] site builders
[ ] themers
[ ] developers
** How could you provide/replicate the functionality of this module using alternative methods, eg in your theme?
Carry out content authoring on a lower (non-prod) environment. Publish the node and share the link.
** If this module styles or alters HTML or JavaScript output, can the functionality be provided via the theme? What alternatives have you considered.
N/A
** What is the maintenance and support status of the module. Describe the issue queue activity.
Total of 127 issues. 47 currently open so it looks well aintained. Last issue update was within the last 48 hrs.
** What permissions are needed to utilise the module (and are any new permissions provided by the module)?
Each content type of block type gets it's own 'Access unpublished' permission configuration, so it's very granular.
** Does the module modify the database structure and/or store additional metadata on nodes or other entities? If so, why? What are the risks for future updates?
Unknown
** Is the module designed to capture anonymous user data?
No
** Is the output of the module typically fully cacheable? Would the inclusion of this module potentially render pages uncacheable.
N/A
** What is your assessment of the quality of this module, the contribution history of the module's maintainers, and the uptake of the module within the Drupal community?
Module looks well maintained with active and responsive issues. Provides a nice simple mechanism to provide a node link to interanl staff to review draft content without the need for a drupal account. Node urls include a token that is time based which is configured by content authors.
** Additional information
I can see other agencies using this as a matter of SOP.
The text was updated successfully, but these errors were encountered: