[drupal-devel] [feature] Extend access control options

Crell drupal-devel at drupal.org
Sat Sep 10 20:21:58 UTC 2005

Issue status update for 
Post a follow up: 

 Project:      Drupal
 Version:      4.6.3
 Component:    node.module
 Category:     feature requests
 Priority:     normal
 Assigned to:  timcn
 Reported by:  timcn
 Updated by:   Crell
 Status:       patch (code needs review)

I actually had some thoughts on this front as well recently in another
thread: http://drupal.org/node/21559  See comment #18 for my proposal. 
(No code, I'm afraid.  I'm not at the point where I'm competent to code
that level of change to the system.)


Previous comments:

Thu, 08 Sep 2005 17:58:06 +0000 : timcn

Attachment: http://drupal.org/files/issues/node_33.patch (8.24 KB)

Unfortunately you can only give a role permission to "access content"
and/or "administer nodes". But often, this does not suffice. You want
editors to be able to browse the nodes in the "content" section and for
example allow them to make a node sticky. But you don't want them to
delete a node or change it's visibility.

My patch offers the following permissions:

* access content
* administer nodes
* change revision setting
* delete nodes
* make nodes sticky
* moderate nodes
* promote nodes

It does also really check if the user is allowed to perform a certain
action and deny it if that is not the case. It does also hide the
specified checkboxes and options from the dropdown box.

The patch is for 4.6.3 but should also work with HEAD.


Thu, 08 Sep 2005 18:27:04 +0000 : Boris Mann

+1 for concept. Will test and follow-up.

The revision permission will need to be merged with the revision patch.


Thu, 08 Sep 2005 18:51:51 +0000 : kbahey

+1 on the concept too.


Thu, 08 Sep 2005 18:58:13 +0000 : timcn

Yes, some changes to the revision permission are necessary. I just saw
that it has been reworked in cvs,


Fri, 09 Sep 2005 06:32:53 +0000 : Boris Mann

OK, installed and tested.

To be clear, "admin nodes" permission is required to access any of the
extended functionality. Admin nodes will allow editing of any node, as
well as changing author and date, as well as any other features that
modules insert.

Enabling additional permissions makes those add-on functions of sticky
etc. available.

This makes sense (and it all works), yet at the same time it seems that
being able to edit the full content of a node is the most powerful
access. Would there be a way to enable only Admin > Content -- e.g.
"make sticky" or anything else allows access to Admin > Content --  but
does NOT allow editing of nodes?

I like the direction of this, and really, any toggle-able setting
should potentially have a separate permission, but at the same time, it
seems a bit funky. Comments?


Fri, 09 Sep 2005 06:56:13 +0000 : Bèr Kessels

I am all for it.

Provided we start a joint effort to redesign the permissions pages. Too
much has been said about redesigning that, too little done.
IMO the only thing withholding much finer grained permisions is the UI
of these permissions.


Sat, 10 Sep 2005 10:22:32 +0000 : fajerstarter

About redesigning the permissions page, here's an idea:

More information about the drupal-devel mailing list