I have a custom content type in Drupal that I'm allowing even anonymous users to create. I would like to also give them the ability to come back and edit their creations after they've first published them, but that's the challenge.

Since they are "anonymous", I would guess there's no way for the Drupal permissions system to tie the content back to the user that originally created it.

Where does that leave me? I'm thinking browser cookies or something along those lines? I'm not sure.

Is there an existing module that could help with this, or ideas to create a new one?

+4  A: 

You could store an ID in a cookie but if the user deletes it, there would be no way to identify them anymore. You could also keep a record of IP addresses but that's also not 100% reliable.

Only way to be reliable is to have some kind of login system. You could just offer content editing as a feature to people willing to register.

Crayon Violent
I generally agree with this answer, but think of this site we're on right now. You can edit your questions and answers without registering.
stacker
Yeah, but out of the box, Drupal can't work with users like SO does. SO thought of this ahead of time.
Kevin
and they would be using a combination of cookies and/or IP address checking. Delete your cookies and come in through an anonymous surfing site and see if you can still edit your post without logging in ;)
Crayon Violent
Just to clarify, for this use case, the users will have an incentive not to clear their cookies etc. They will be told that this is how the site tracks them and lets them edit, and they will be informed of the risks of adding content without registering.
drupal
okay, well if you want to tell them about the cookie then sure, go for it. All you need to really do is generate a unique ID for the user if the cookie doesn't exist and set the cookie with that value and keep a db or flatfile list of post id and cookie id associated with it. When a user goes to your site, check their cookie and allow them to edit any posts that match the cookie ID with what's in your list for the posts.
Crayon Violent
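
The cookie scheme described in the last comment above, as an added example that is not part of the original thread and does not use Drupal's own APIs. The function names, the cookie attributes and the in-memory array standing in for the database table are assumptions; the ID is drawn from the CSPRNG and only its hash is stored, because whoever holds the cookie value can edit the post.

```php
<?php
// Added example: plain PHP, hypothetical names, no Drupal hooks.

// Stand-in for a DB table: post id => SHA-256 hash of the creator's cookie ID.
$owners = [];

// Reuse a well-formed cookie ID, otherwise mint 256 bits from the CSPRNG.
function visitor_id(?string $cookie_value): string {
    if ($cookie_value !== null && preg_match('/^[0-9a-f]{64}$/', $cookie_value)) {
        return $cookie_value;
    }
    return bin2hex(random_bytes(32));
}

// Call when an anonymous visitor saves a new post. Only the hash is kept,
// so a leaked table does not hand out edit rights.
function record_owner(array &$store, int $post_id, string $visitor_id): void {
    $store[$post_id] = hash('sha256', $visitor_id);
}

// Call before showing or saving the edit form.
function may_edit(array $store, int $post_id, ?string $cookie_value): bool {
    if ($cookie_value === null || !isset($store[$post_id])) {
        return false; // cookie deleted, or the post has no recorded owner
    }
    // hash_equals() compares in constant time.
    return hash_equals($store[$post_id], hash('sha256', $cookie_value));
}

// Attributes for setcookie() (the options array needs PHP 7.3+).
function owner_cookie_options(): array {
    return [
        'expires'  => time() + 365 * 24 * 60 * 60,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}

// Constructed walk-through: a first visit with no cookie creates post 42.
$id = visitor_id(null);
record_owner($owners, 42, $id);
// In a web request: setcookie('anon_owner', $id, owner_cookie_options());

var_dump(may_edit($owners, 42, $id));                  // creator's cookie
var_dump(may_edit($owners, 42, str_repeat('0', 64)));  // someone else's value
var_dump(may_edit($owners, 42, null));                 // cookie was cleared
```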
+2  A: 

In Drupal or any system really... it's best to rely on a key and from experience, it's easier to have them register. In Drupal, if a person is anon, they are UID 0 and not much else is saved about them. Another user pointed out in another post that Drupal does not track session IDs for anonymous user objects, so you would have to work with something like session_id().

I can see why you'd want little barrier to post but it might be a management nightmare later.

Kevin
I can see why it's more work now, but can you elaborate why it's a management nightmare "later"?
drupal
+2  A: 

Rather than trying to preserve a session (which defeats the purpose of being anonymous, if you ask me), what about letting the user create a password upon creation? Then, add a validate handler that checks to see if they supplied the correct password if the node isn't new.

You could use the CCK Password Field module to add a CCK field for the password, or use hook_form_alter to modify the node_form directly and provide your own CRUD in a custom module. Heck, anonymous edit access probably doesn't need to be that secure and you could get away with just a CCK text field to store the password.

Mark Trapp
I don't think it defeats the purpose of being anonymous at all. To the user, anonymous means I don't want to bother registering and confirming my email. Drupal decided to call that anonymous. They could have called it not registered and it would be the same thing. I want to offer those lazy users the ability to edit their content. Of course the guarantee I give them is very small because they gave me a small commitment to begin with.
drupal
To define anonymous as lazy people is a very narrow definition of anonymous. There are a few different cases that would still be considered anonymous usage but would not preserve a session: using an anonymizer or visiting the site from different locations, to name two. Which is why Drupal treats anonymous as one single user: if you're tracking sessions, it's no longer anonymous. Forcing registration or doing something like I suggested makes session or user tracking explicit, stable, and doesn't leave the word "anonymous" up for debate.
Mark Trapp