[drupal-devel] [feature] Extend access control options
fajerstarter
drupal-devel at drupal.org
Sat Sep 10 10:22:34 UTC 2005
Issue status update for
http://drupal.org/node/30711
Post a follow up:
http://drupal.org/project/comments/add/30711
Project: Drupal
Version: 4.6.3
Component: node.module
Category: feature requests
Priority: normal
Assigned to: timcn
Reported by: timcn
Updated by: fajerstarter
Status: patch (code needs review)
About redesigning the permissions page, here's an idea:
http://drupal.org/node/30843
fajerstarter
Previous comments:
------------------------------------------------------------------------
Thu, 08 Sep 2005 17:58:06 +0000 : timcn
Attachment: http://drupal.org/files/issues/node_33.patch (8.24 KB)
Unfortunately you can only give a role permission to "access content"
and/or "administer nodes". But often, this does not suffice. You want
editors to be able to browse the nodes in the "content" section and for
example allow them to make a node sticky. But you don't want them to
delete a node or change it's visibility.
My patch offers the following permissions:
* access content
* administer nodes
* change revision setting
* delete nodes
* make nodes sticky
* moderate nodes
* promote nodes
It does also really check if the user is allowed to perform a certain
action and deny it if that is not the case. It does also hide the
specified checkboxes and options from the dropdown box.
The patch is for 4.6.3 but should also work with HEAD.
------------------------------------------------------------------------
Thu, 08 Sep 2005 18:27:04 +0000 : Boris Mann
+1 for concept. Will test and follow-up.
The revision permission will need to be merged with the revision patch.
------------------------------------------------------------------------
Thu, 08 Sep 2005 18:51:51 +0000 : kbahey
+1 on the concept too.
------------------------------------------------------------------------
Thu, 08 Sep 2005 18:58:13 +0000 : timcn
Yes, some changes to the revision permission are necessary. I just saw
that it has been reworked in cvs,
------------------------------------------------------------------------
Fri, 09 Sep 2005 06:32:53 +0000 : Boris Mann
OK, installed and tested.
To be clear, "admin nodes" permission is required to access any of the
extended functionality. Admin nodes will allow editing of any node, as
well as changing author and date, as well as any other features that
modules insert.
Enabling additional permissions makes those add-on functions of sticky
etc. available.
This makes sense (and it all works), yet at the same time it seems that
being able to edit the full content of a node is the most powerful
access. Would there be a way to enable only Admin > Content -- e.g.
"make sticky" or anything else allows access to Admin > Content -- but
does NOT allow editing of nodes?
I like the direction of this, and really, any toggle-able setting
should potentially have a separate permission, but at the same time, it
seems a bit funky. Comments?
------------------------------------------------------------------------
Fri, 09 Sep 2005 06:56:13 +0000 : Bèr Kessels
I am all for it.
Provided we start a joint effort to redesign the permissions pages. Too
much has been said about redesigning that, too little done.
IMO the only thing withholding much finer grained permisions is the UI
of these permissions.
More information about the drupal-devel
mailing list