I’ve just realized that the “Promote to Front Page” option – which lets users flag their content so that it will be displayed on the front page of the Drupal site as well as in their own blog/group pages, is rather borked. The setting that enables this option is part of the “Administer Nodes” access permission. Enabling that permission also grants the user to edit any content in that instance of Drupal. Which might be fine in a small and closed system, but when you’ve got a system like weblogs.ucalgary.ca with a growing number of users, and they’re using it for academic purposes, it’s not a great scenario.
Here’s what I just had to post on both weblogs.ucalgary.ca and the Education ePortfolio Drupal sites:
I have temporarily disabled the “Promote to Front Page” option (and the set of related content-administration options).
Turns out that the setting that opens up these options for users while writing content also enables them to edit any piece of content in the system. That’s a Bad Thing™ – especially now that we’re starting to roll this service out for use in the classroom.
I’m looking into possible ways to enable the Promote feature (or something similar) – for now, if you have a post that you’d like to see on the front page, email me the link, and I can set the proper flag.
So… Is there a way to enable “Promote to Front Page” without slapping an “Edit” button on every node in the database? I’ve read about the hack to add a Feedback link that emails an admin with a request to manually promote a node, but that sucks, and won’t scale. Ideally, just a separate setting that exposes the Promote option (and even more ideally, the “Published” option as well) to Regular Users.