[development] Changing Roles (was Deleting Cached Permissions)

Ron Parker sysop at scbbs.com
Tue Aug 28 07:12:52 UTC 2007

Let me say it again: OG User Roles does not CHANGE roles.  It adds roles based upon the group a user and node is in.

For those who can't think of any scenario where a temporary role addition is a good idea, what about this:

User 1 belongs to Group A and Group B.  In Group A, User 1 is a contributor and can add content.  In Group B, User 1 is a member, and can only read content.  The way Drupal works now, if you give User 1 "create content" role in Group A, the user will also have the same role and capability in Group B.  For that matter, the user will have the "create content" role across the entire site.  

What OG User Roles (OGR) does is give the user the "create content" role in Group A, but NOT Group B.  So, I wouldn't give User 1 a sitewide "create content" role, but a group "create content" role, and only in Group A.  OGR doesn't alter sitewide roles, but adds temporary roles based upon group context.

In the bigger Drupal scheme, this apparently has no value.  But, with respect to Organic Groups and totally autonomous communities within communities, this is the only secure way of achieving that.  I can have 100's of groups and subgroups, one or two node types, and use only 4 roles: founder, admin, contributor, member; and, not one member of any group will be able to create or see content in any other group that he/she shouldn't.  This is NOT possible now, not without having 100's of roles and 100's of node types.

If the Drupal development team doesn't think this is a good idea, so be it.  

Deleting cached permissions, however, is a separate issue.  I still don't see why being able to delete cached permissions is NOT a good idea.


Date: Tue, 28 Aug 2007 07:04:57 +0200 (CEST)
From: "Karoly Negyesi" <karoly at negyesi.net>
Subject: Re: [development] Deleting Cached Permissions
To: development at drupal.org
Message-ID: <E1IPtG5-0006zX-9v at garm.runbox.com>
Content-Type: text/plain; charset="iso-8859-1"

I can not imagine any scenario where a temporary role change is a good idea .If it's permanent you can reload Drupal. What are your goals? "use LDAP groups" is a task not a goal. "I want to herd a tribe of gutsy gibbons" now, that's a goal.

Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com

More information about the development mailing list