Okay, I have a hack that seems to work based on my fooling around with the idea. It only a few source code changes but those changes are in SEC_getPermissionsHTML(), SEC_getPermissionValue(), COM_getPermSQL(), COM_topicList(), and of course submitstory(), storyeditor() and edittopic(). These are not the kinds of places you want just anyone going in and hacking. Did I mention that you also have to run a bit of SQL across all your topics? The cool thing though is those functions have changed so little over the last few versions that the hack seems to work in 1.4.0 and 1.4.1.

Basically, I massaged the two SEC_ functions to allow "member" and "anonymous" users to have "write only" access. The change to SEC_getPermissionsHTML adds WRITE checkboxes to the member and anonymous user permission when a flag is set. The change to SEC_getPermissionValue() provides an override flag for the "Force 1 to equal 3" part of the function. Changes to COM_getPermSQL involve turning ">= 2" into "in (2,3)" and allow the $access variable to equal 1. Most of the changes to the other functions involve setting the flags to trigger the above changes.

In practice, you need to set all the permissions in your current topics to 3 for those members and anonymous values which now are 2. Once you set a topic to 1, it shows up in the submission list but not in the menu block or any other topic list. If you set a topic to 2, it disappears from the list of topics on the submit page. Owner and group level permissions are untouched by this hack.

I've uploaded the file. EDIT: Here's a link

I see there were a few downloads. Any comments about this? I curious if it is working out.

(I waited a week, I'm entitled )

Thanks jmucchiello for this hack. I think it is great to address this problem and maybe additionally the problem of everybody being allowed to chose "show on front page".

The larger a site becomes or the more unexperienced users are the more likely are mishaps. I will test your hack soon. Unfortunately I converted my sites to beta 1 / 2. Would it be possible to rewrite your hack for beta 2?

There is also a typo in the instructions. I think line 235 should read:
// ******* Changes to public_html/admin/topic.php

Ah, I just realized that the problem "show on front page" is gone because of the new variable: $_CONF['onlyrootfeatures'] = 0;


~~~
Ooops, nonsense! "When set to 1, only root users will be able to feature a story" so it is still possble for anyone to write on the front page.

What about making the front page a topic "front page"and limiting write access to it?

I just downloaded beta 2 so I'll see about converting to b2 as soon as I get a chance.

Unfortunately, 1.4.1b2 moves some generated HTML into a new thtml file and there were some big changes to COM_topicList so I will have to port my hack to 1.4.1. I'm not sure I want to do this before 1.4.1 is finalized. But if I find the time I'll make the changes. Problem is I don't have a 1.4.1 test system running so I'd need to do that before releasing the port.

It is similar with me, I only have a b2 test webspace since yesterday

So it`s no problem and possibly more useful to wait for the final 1.4.1 in a few days. Anyway your hack was asked for a couple of times and looks like a solution to feature request #551.

The new version of my hack should be ready in a couple days. I'm going a different route this time. I'll duplicate the existing core functions that I have to modify and call the new function COM_whatever_ext. These whole copies of the function will then go in their own file that you include from your lib-custom.php file. After that, the hack style changes are just adding _ext to a couple function calls in submit.php and admin/topic.php.

The only danger here is if there are security bugs in the functions I copy. Changes to the core function would need to be reflected immediately into the hack functions. Still, I'm hoping this method will make it easier for people to install the hack.

Now I just need there to be a hacks directory next to plugins and system in directory structure.

Okay, it's ready. I just submitted the file. I'll update this when the link is available. This version a bit less invasive but it also only works with 1.4.1.