[drupal-devel] Permissions aren't transparent

Kobus Myburgh ITBJDM at puknet.puk.ac.za
Mon Apr 18 13:43:08 UTC 2005


I don't know if there are negative implications because of the proposed change, Iif there is, disregard my opinion, but I believe that this is 'n must-have +1.



>>> killesreiter at physik.uni-freiburg.de 4/18/2005 2:09:59 PM >>>

Hi there!

One problem with Drupal is the way it handles user permissions. The
permissions are attached to the user object but nobody really knows what
they do. To find out what a particular permission allows you to do, you
often need to have a look at the code. More important: The user does not
know which permissions he has.

I propose to change the structure of the _perm hook:

foo_perm() {
  return array('create foo', 'admin foo');

is the current structure.

foo_perm() {
  return array('create foo' => t('Lets you create nodes of type foo.'),
               'admin foo' => t('Lets you administer nodes of type foo.')

is the proposed structure.

The idea is to not only display the additional blurb on the admin
permission page, but also on a sub tab of the user profile pages (or
directly on /user/n).



More information about the drupal-devel mailing list