[drupal-devel] fine grained permissions (was Re: [drupal-docs] Permissions page)

[Bèr Kessels]

oi.

Larry triggered something that I had bubbling in my mind for a long time 
already: finer grained permissions.

On Thursday 13 October 2005 02:16, Larry Garfield wrote:
> 2) Permissions not fine-grained enough (does "Create" include "change"?)
> I agree completely.  We definitely need more fine-grained and descriptive
> permissions.  There have been several threads about this recently, but not
> much code.  (I wish I had time to write some.)  The hard part is finding
> some standard other than "administer", which is a useless word.

What I have in mind is something to introduce a parent/child relation in 
permissions:
   hook_perm() {
    $perms[]->title = 'change book pages';
    $perms[]->parent = 'create book pages';
    return $perms;
   }
means that 'change book pages can only be set true in admin if that role has 
"create book pages" perms.
I am not referring to the permission on check time: only in the permissions 
administer page: the checkboxes would be greyed out for the permissions that 
cannot be set. 

This will allow for a much finer grained permission handling, but will 
immediately solve some of the clutter. Think about flexinode, for example, 
where some people would love a per-field permission. 

Bèr