Limits node edit and delete access based on moderation state and user roles.
This module provides a way to define multiple access rules for moderated content. When this module is enabled, access to update (edit) or delete moderated nodes is denied by default unless a rule explicitly allows it for the user's role and the current moderation state of the node.
Each rule allows you to specify:
- Roles: Which user roles this rule applies to.
- Allowed States: In which moderation states the selected roles are allowed to perform the operations.
- Operations: Which operations (Edit, Delete) are allowed by this rule.
- Enable the module.
- Ensure you have the
content_moderationmodule enabled and configured for some content types. - Configure the rules at
Configuration > Content Authoring > Content Moderation > Access by state(admin/config/content/moderation/access).
The configuration page allows you to add as many rules as needed. Rules are evaluated independently; if any rule matches the user's role, the operation, and the current state, access is granted.
Administrators with the "administer nodes" permission or User 1 always bypass these restrictions.