Haven't heard of anything on the dev list since the 5.0 release on this topic. And I read all stuff in the role system cause of some access/security modules I work on. Seems to me that this stuff belongs as a weight to the attributes that you're trying to track. (the quota, profile assingment, etc.) and not the role itself. That is weight, is not really a security concept. A tinymce profile could/should have a weight rather than a role. That way the weight doesn't start to mean to many different things to many different modules. I might want to treat tinyMCe profiles differently than image dimensions. Also I would make authenticated user the lowest privilege role and then create an elevated permission that is granted when the user registers. You can then revoke this role if you need. On Jun 7, 2007, at 8:41 AM, ufuk bayburt wrote:
It would matter when a user has multiple roles and those roles has permissions for quantitative values such as max image dimensions, file upload quota,(upload module), profile assignment(tinymce) etc. I maintain 2 modules both requires role weights. And there are many modules around there using roleweights module. It's not a big deal to self-implement this for a module but i wonder if there is any discussion on including this in core.
On the other hand it may allow to define a user role that is degraded form of authenticated user, say restricted user. AFAIK, this is not possible with the current role system as it combines the permissions of any member role with the authenticated user role. Of course there are ways to achieve this. Anyway, this was not my point. In this topic http://drupal.org/node/68970 moshe says "this is a dupe, but i can't find the original. most people agreed that role weights are needed." does anybody know where the original post is?
On 6/7/07, Earnie Boyd <earnie@users.sourceforge.net> wrote:
Quoting ufuk bayburt <ufukbay@gmail.com>:
is there an ongoing discussion or progress on role weights in core?
How would applying a weight to roles matter? The user access is the combination of all roles given to the user.
Earnie