[drupal-devel] [feature] Extend access control options

Bèr Kessels drupal-devel at drupal.org
Fri Sep 9 06:56:16 UTC 2005


Issue status update for 
http://drupal.org/node/30711
Post a follow up: 
http://drupal.org/project/comments/add/30711

 Project:      Drupal
 Version:      4.6.3
 Component:    node.module
 Category:     feature requests
 Priority:     normal
 Assigned to:  timcn
 Reported by:  timcn
 Updated by:   Bèr Kessels
 Status:       patch (code needs review)

I am all for it.


Provided we start a joint effort to redesign the permissions pages. Too
much has been said about redesigning that, too little done.
IMO the only thing withholding much finer-grained permissions is the UI
of these permissions.




Bèr Kessels



Previous comments:
------------------------------------------------------------------------

Thu, 08 Sep 2005 17:58:06 +0000 : timcn

Attachment: http://drupal.org/files/issues/node_33.patch (8.24 KB)

Unfortunately you can only give a role permission to "access content"
and/or "administer nodes". But often, this does not suffice. You want
editors to be able to browse the nodes in the "content" section and for
example allow them to make a node sticky. But you don't want them to
delete a node or change its visibility.


My patch offers the following permissions:



* access content
* administer nodes
* change revision setting
* delete nodes
* make nodes sticky
* moderate nodes
* promote nodes

It does also really check if the user is allowed to perform a certain
action and deny it if that is not the case. It does also hide the
specified checkboxes and options from the dropdown box.


The patch is for 4.6.3 but should also work with HEAD.




------------------------------------------------------------------------

Thu, 08 Sep 2005 18:27:04 +0000 : Boris Mann

+1 for concept. Will test and follow-up.


The revision permission will need to be merged with the revision patch.




------------------------------------------------------------------------

Thu, 08 Sep 2005 18:51:51 +0000 : kbahey

+1 on the concept too.




------------------------------------------------------------------------

Thu, 08 Sep 2005 18:58:13 +0000 : timcn

Yes, some changes to the revision permission are necessary. I just saw
that it has been reworked in cvs,




------------------------------------------------------------------------

Fri, 09 Sep 2005 06:32:53 +0000 : Boris Mann

OK, installed and tested.


To be clear, "admin nodes" permission is required to access any of the
extended functionality. Admin nodes will allow editing of any node, as
well as changing author and date, as well as any other features that
modules insert.


Enabling additional permissions makes those add-on functions of sticky
etc. available.


This makes sense (and it all works), yet at the same time it seems that
being able to edit the full content of a node is the most powerful
access. Would there be a way to enable only Admin > Content -- e.g.
"make sticky" or anything else allows access to Admin > Content --  but
does NOT allow editing of nodes?


I like the direction of this, and really, any toggle-able setting
should potentially have a separate permission, but at the same time, it
seems a bit funky. Comments?
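
Added example, not part of the thread and not taken from node_33.patch: a PHP sketch of the two behaviours timcn describes (hiding options a role lacks, and denying them again on submit) under the "administer nodes" gate Boris Mann reports. The permission names come from the thread; the field names, function names and sample role are assumptions.

```php
<?php
// Added illustration; not code from node_33.patch or Drupal core.
// Permission strings are the ones listed in the thread; field names,
// function names and sample data are assumptions made for this sketch.

// Which permission guards which node option (field names assumed).
const OPTION_PERMISSION = [
    'sticky'   => 'make nodes sticky',
    'promote'  => 'promote nodes',
    'moderate' => 'moderate nodes',
    'revision' => 'change revision setting',
];

// Options a role may see in the form: the "hide the checkboxes" half.
function visible_options(array $perms): array
{
    if (!in_array('administer nodes', $perms, true)) {
        return [];  // gate reported in the thread: no admin access, no options
    }
    return array_keys(array_filter(
        OPTION_PERMISSION,
        fn ($perm) => in_array($perm, $perms, true)
    ));
}

// Server-side half: apply only permitted fields from the submitted values,
// so a hand-crafted POST cannot set an option whose checkbox was hidden.
function apply_options(array $perms, array $node, array $submitted): array
{
    $allowed = visible_options($perms);
    $denied = [];
    foreach (OPTION_PERMISSION as $field => $perm) {
        if (!array_key_exists($field, $submitted)) {
            continue;
        }
        if (in_array($field, $allowed, true)) {
            $node[$field] = (int) (bool) $submitted[$field];
        } else {
            $denied[] = $field;  // keep the stored value, record the attempt
        }
    }
    return ['node' => $node, 'denied' => $denied];
}

// Constructed sample: an editor role that may only make nodes sticky.
$editor = ['access content', 'administer nodes', 'make nodes sticky'];
$node = ['sticky' => 0, 'promote' => 0, 'moderate' => 0, 'revision' => 0];
print_r(apply_options($editor, $node, ['sticky' => 1, 'promote' => 1]));
```

Hiding a checkbox only changes what the form renders; the check in apply_options() is what keeps the stored value from changing when the field is submitted anyway.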






