Issue status update for http://drupal.org/node/8253 Post a follow up: http://drupal.org/project/comments/add/8253 Project: Drupal Version: cvs Component: book.module Category: feature requests Priority: normal Assigned to: moshe weitzman Reported by: moshe weitzman Updated by: lgarfiel Status: patch (code needs work) To be honest, I don't like the whole "administer XYZ" permission format in the first place. What the heck does "administer" mean, anyway? Create? Edit Own? Edit Others? Delete Own? Delete Others? That's five different possible operations. Which of them does "Administer" cover? I honestly have no idea. :-) Finer-grain permissions for those five operations would from a UI perspective be much much better, simply because they are easier to understand. (That goes for books and for everything else.) lgarfiel Previous comments: ------------------------------------------------------------------------ Wed, 02 Jun 2004 23:39:34 +0000 : moshe weitzman Attachment: http://drupal.org/files/issues/drbook.patch (1.39 KB) in order to create a new book, the user currently must have 'administer nodes' permission. this is a bit too broad. this patch introduces a 'create books' permission and improves the help text a bit. ------------------------------------------------------------------------ Tue, 10 Aug 2004 01:54:25 +0000 : moshe weitzman this patch is old now, with new menu system. functionality still needed. ------------------------------------------------------------------------ Fri, 01 Oct 2004 15:10:15 +0000 : moshe weitzman Updated patch. It is far less risky to grant 'create new book' as opposed to 'administer nodes'. ------------------------------------------------------------------------ Sun, 03 Oct 2004 16:11:29 +0000 : nedjo +1, this makes sense as a distinct permission. Should the permission test however be if (user_access('create books') || user_access('administer nodes')) {, instead of if (user_access('administer nodes')) {, on the assumption that 'administer nodes' includes creating books? ------------------------------------------------------------------------ Sun, 13 Mar 2005 21:04:11 +0000 : killes@www.drop.org Makes sense to me, but the patch is outdated. ------------------------------------------------------------------------ Wed, 10 Aug 2005 23:46:53 +0000 : killes@www.drop.org maybe somebody wants to look at it again. ------------------------------------------------------------------------ Thu, 11 Aug 2005 00:01:07 +0000 : merlinofchaos Should this permission be 'create new books' or simply 'administer books' or should they be separated out? I ask because if someone's going to work on this, it seems like a good idea to simply back away from administer node privileges entirely. The question that remains, to me, is whether or not there is any real gain by having create new books as its own permission. ------------------------------------------------------------------------ Thu, 11 Aug 2005 00:15:41 +0000 : puregin The entire issue of permissions for book module needs to be re-examined. See also http://drupal.org/node/21559. In the meantime, I believe that 'administer books' and 'create new books' should be kept distinct. Administer books, for example, implies permissions to delete other user's book pages. I can think of many situations where one might want a user to be able to create new books, but not mess up other peoples' books. Djun