[drupal-devel] [feature] new permission: create new books
lgarfiel
drupal-devel at drupal.org
Thu Aug 11 00:18:11 UTC 2005
Issue status update for
http://drupal.org/node/8253
Post a follow up:
http://drupal.org/project/comments/add/8253
Project: Drupal
Version: cvs
Component: book.module
Category: feature requests
Priority: normal
Assigned to: moshe weitzman
Reported by: moshe weitzman
Updated by: lgarfiel
Status: patch (code needs work)
To be honest, I don't like the whole "administer XYZ" permission format
in the first place. What the heck does "administer" mean, anyway?
Create? Edit Own? Edit Others? Delete Own? Delete Others? That's
five different possible operations. Which of them does "Administer"
cover? I honestly have no idea. :-)
Finer-grain permissions for those five operations would from a UI
perspective be much much better, simply because they are easier to
understand. (That goes for books and for everything else.)
lgarfiel
Previous comments:
------------------------------------------------------------------------
Wed, 02 Jun 2004 23:39:34 +0000 : moshe weitzman
Attachment: http://drupal.org/files/issues/drbook.patch (1.39 KB)
in order to create a new book, the user currently must have 'administer
nodes' permission. this is a bit too broad. this patch introduces a
'create books' permission and improves the help text a bit.
------------------------------------------------------------------------
Tue, 10 Aug 2004 01:54:25 +0000 : moshe weitzman
this patch is old now, with new menu system. functionality still needed.
------------------------------------------------------------------------
Fri, 01 Oct 2004 15:10:15 +0000 : moshe weitzman
Updated patch. It is far less risky to grant 'create new book' as
opposed to 'administer nodes'.
------------------------------------------------------------------------
Sun, 03 Oct 2004 16:11:29 +0000 : nedjo
+1, this makes sense as a distinct permission. Should the permission
test however be if (user_access('create books') ||
user_access('administer nodes')) {, instead of if
(user_access('administer nodes')) {, on the assumption that 'administer
nodes' includes creating books?
------------------------------------------------------------------------
Sun, 13 Mar 2005 21:04:11 +0000 : killes at www.drop.org
Makes sense to me, but the patch is outdated.
------------------------------------------------------------------------
Wed, 10 Aug 2005 23:46:53 +0000 : killes at www.drop.org
maybe somebody wants to look at it again.
------------------------------------------------------------------------
Thu, 11 Aug 2005 00:01:07 +0000 : merlinofchaos
Should this permission be 'create new books' or simply 'administer
books' or should they be separated out? I ask because if someone's
going to work on this, it seems like a good idea to simply back away
from administer node privileges entirely.
The question that remains, to me, is whether or not there is any real
gain by having create new books as its own permission.
------------------------------------------------------------------------
Thu, 11 Aug 2005 00:15:41 +0000 : puregin
The entire issue of permissions for book module needs to be re-examined.
See also http://drupal.org/node/21559.
In the meantime, I believe that 'administer books' and 'create new
books' should be kept distinct.
Administer books, for example, implies permissions to delete other
user's book pages. I can think of many situations where one might
want a user to be able to create new books, but not mess up other
peoples' books.
Djun
More information about the drupal-devel
mailing list