[drupal-devel] [feature] new permission: create new books

lgarfiel drupal-devel at drupal.org
Thu Aug 11 00:18:11 UTC 2005


Issue status update for 
http://drupal.org/node/8253
Post a follow up: 
http://drupal.org/project/comments/add/8253

 Project:      Drupal
 Version:      cvs
 Component:    book.module
 Category:     feature requests
 Priority:     normal
 Assigned to:  moshe weitzman
 Reported by:  moshe weitzman
 Updated by:   lgarfiel
 Status:       patch (code needs work)

To be honest, I don't like the whole "administer XYZ" permission format
in the first place.  What the heck does "administer" mean, anyway? 
Create?  Edit Own?  Edit Others? Delete Own?  Delete Others?  That's
five different possible operations.  Which of them does "Administer"
cover?  I honestly have no idea. :-)


Finer-grain permissions for those five operations would from a UI
perspective be much much better, simply because they are easier to
understand.  (That goes for books and for everything else.)




lgarfiel



Previous comments:
------------------------------------------------------------------------

Wed, 02 Jun 2004 23:39:34 +0000 : moshe weitzman

Attachment: http://drupal.org/files/issues/drbook.patch (1.39 KB)

in order to create a new book, the user currently must have 'administer
nodes' permission. this is a bit too broad. this patch introduces a
'create books' permission and improves the help text a bit.




------------------------------------------------------------------------

Tue, 10 Aug 2004 01:54:25 +0000 : moshe weitzman

this patch is old now, with new menu system. functionality still needed.




------------------------------------------------------------------------

Fri, 01 Oct 2004 15:10:15 +0000 : moshe weitzman

Updated patch. It is far less risky to grant 'create new book' as
opposed to 'administer nodes'.




------------------------------------------------------------------------

Sun, 03 Oct 2004 16:11:29 +0000 : nedjo

+1, this makes sense as a distinct permission.  Should the permission
test however be if (user_access('create books') ||
user_access('administer nodes')) {, instead of if
(user_access('administer nodes')) {, on the assumption that 'administer
nodes' includes creating books?




------------------------------------------------------------------------

Sun, 13 Mar 2005 21:04:11 +0000 : killes at www.drop.org

Makes sense to me, but the patch is outdated.




------------------------------------------------------------------------

Wed, 10 Aug 2005 23:46:53 +0000 : killes at www.drop.org

maybe somebody wants to look at it again.




------------------------------------------------------------------------

Thu, 11 Aug 2005 00:01:07 +0000 : merlinofchaos

Should this permission be 'create new books' or simply 'administer
books' or should they be separated out? I ask because if someone's
going to work on this, it seems like a good idea to simply back away
from administer node privileges entirely.


The question that remains, to me, is whether or not there is any real
gain by having create new books as its own permission.




------------------------------------------------------------------------

Thu, 11 Aug 2005 00:15:41 +0000 : puregin

The entire issue of permissions for book module needs to be re-examined.
 See also http://drupal.org/node/21559.  


In the meantime, I believe that 'administer books' and 'create new
books' should be kept distinct.


Administer books, for example, implies permissions to delete other
user's book pages.   I can think of many situations where one might
want a user to be able to create new books, but not mess up other
peoples' books.


Djun







More information about the drupal-devel mailing list