The problem with Drupal's "administer nodes" permission (and how to get round it)
Drupal 6 permissions have a tendency to give me a real headache, in part because as a site grows in terms of modules so does the list of available permissions. However, perhaps far more frustrating is when a certain combination of permissions just don't work as I'd expect/want.
One case of this, that I regularly encounter, is when I want to allow different user roles to create and manage different content types. This only seems to work when a particular role has been given the administer nodes permission, but this just overrides far too many permissions.
Without administer nodes a user doesn't have access to the Content table so can't easily get an overview of the site's content and the valuable access this provides for editing the content. Additionally the user cannot do things like publish/unpublish the content they are creating or change the comments settings for a particular page. Yet, if I give the user this permission the restrictions on which content types they can create get ignored!
An example scenario
This seems like a huge oversight. Imagine the case where you have two user roles, let's call them Editors and Writers. We want to let both Editors and Writers create news articles on a site. A Writer should also be able to publish or unpublish their own work and decide whether or not comments should be enabled for each article. However, we also have page content on this hypothetical site, but only want Editors to be able to create and edit these.
Unless I give the Writers permission to administer nodes then they can't play with the news items' publication status or comments' settings; nor can they access their news items via the Content page, they don't have permission for that (they have to seek them out on the site, and we need to ensure they have an edit tab provided). However, giving them the administer nodes permission ignores the fact that they're not allowed to create pages! Administer nodes just gives away far too many permissions to our Writers.
The fix
Thankfully with the help of a couple of modules we can get around this issue (and improve things a little in the process). The modules are:-
Content Management Filter provides an alternative to Drupal's standard Content manager. It has its own permissions, so we don't need to use administer nodes unless really necessary for a particular role. Furthermore, it provides a more powerful version of the content table as it provides a wealth of filters and allows you to sort the rows returned; if you're dealing with a site with a lot of content this is invaluable!
Override Node Options adds a load of new permissions to fine tune the authoring information and publishing options fields on an edit screen. That means we can let a group of users control whether their content gets published or is promoted to the front page without having to give them all the power offered by administer nodes. Fantastic! Plus that's on a content type by content type basis and we can make things collapsible/collapsed on the edit screen (bonus).
Hopefully with Drupal 7 all this will become unnecessary and we'll have some more sensible permissions to play with; but in the meantime this seems to sort things.
Thanks to Kevin Quillen for pointing me in the right direction with this (and reassuring me that it was indeed an issue with the permissions). He made an interesting suggestion over on Stack Overflow of recreating the Content manager using Views.