[drupal-devel] Permissions aren't transparent

Gerhard Killesreiter killesreiter at physik.uni-freiburg.de
Mon Apr 18 13:36:00 UTC 2005

Hi there!

One problem with Drupal is the way it handles user permissions. The
permissions are attached to the user object but nobody really knows what
they do. To find out what a particular permission allows you to do, you
often need to have a look at the code. More important: The user does not
know which permissions he has.

I propose to change the structure of the _perm hook:

foo_perm() {
  return array('create foo', 'admin foo');

is the current structure.

foo_perm() {
  return array('create foo' => t('Lets you create nodes of type foo.'),
               'admin foo' => t('Lets you administer nodes of type foo.')

is the proposed structure.

The idea is to not only display the additional blurb on the admin
permission page, but also on a sub tab of the user profile pages (or
directly on /user/n).



More information about the drupal-devel mailing list