Why the wiki-like functionality feels basic

2 min read

The wiki-like collaboration that exists on this site is not particularly robust. As this site is configured, while students can edit existing posts, they cannot revert to previous versions, among other things.

The reason for this lies in access control. Although students do not have the ability to see this, the workflow settings for pages save a new revision every time a page is edited. So, the teacher can go through and see all the revisions on each individual page. While this would be a GREAT feature for students to have, it isn't possible to safely allow this feature using the current permissions in Drupal.

To have the right to view revisions of pages, a user must have "administer nodes" privileges. "Administer nodes" privileges lets the user edit or delete any node on the site, which is more latitude than the average site user should have. It creates the opportunity for accidental (or intentional) deletion of key information. So, while giving students the "admininster nodes" privilege extends the functionality of the site, it does so at the cost of basic site security.

The solution would be to separate the ability to view revisions from the "administer nodes" permission. While there has been some talk of doing exactly that for 4.7, I don't know if that functionality will make it into core.