[development] Incorporate RoleAssign module into User module?

inkfree press inkfree at gmail.com
Fri Oct 20 04:45:20 UTC 2006

"Thomas Barregren" wrote:

> You write that "Incorrect use ... could limit the ability of the site
> administrator from properly administering the Drupal web site." How do you
> mean? The site administrator, e.g. user 1, always have all permissions
> irrespective of assigned roles. So how could his/hers ability be limited?

I mean that, unless one is very careful in the setting of access privileges,
roles which can receive those privileges, and users assigned to those roles,
then the ability of the Site Administrator to be fully (and only) in control
of site features could be compromised.

I only suggest that you take a special sentence or two to _very clearly_
tell the module user that they should be completely familiar with Drupal's
role-permission access system.

Already this system is complicated by a terrible UI [*] when there are more
than 2 or 3 roles and a few dozen modules.  To add another "meta layer" of
"permission-granting permission" could leave a Site Admin (user = 1) baffled
about some why some user/role is able/not able to take an action, and in the
case of actual role creation/assignment and permission assignment, this
could be disastrous.  I'm not being overly cautious, I think, to encourage
you to write an extremely clear description/help file and to specifically
_warn/alert/notify/caution_ the module user about all the potential issues.

[*]  The UI for access control is, frankly, quite bad.  Arbitrary width
columns for roles and non-collapsible module-level "task permission" entries
(table rows) make for a cumbersome and always changing UI.

I hope that 5.0 brings some of that 'ajax' goodness to the administrative
UI, so that things like "Settings", "Block Config", "Access Control" and
similar tabular/sectioned lists can be better navigated and share a
consistent interface.

More information about the development mailing list