Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
it's not obvious that "edit book" is going to allow you to edit _all_ book content across the site. We should rename the permission to reflect that.
Comment | File | Size | Author |
---|---|---|---|
#20 | edit-any-4.patch | 4.82 KB | JirkaRybka |
#19 | edit-any-3.patch | 4.82 KB | JirkaRybka |
#14 | edit-any-2.patch | 3.47 KB | JirkaRybka |
#11 | edit-any.patch | 3.46 KB | catch |
#10 | delete.png | 3.1 KB | catch |
Comments
Comment #1
blakehall CreditAttribution: blakehall commentedAssuming the only place this lives is in node.module, this patch should do it.
I'll roll patches for 5.x and 4-7 if we'd like to backport...
Comment #2
RobRoy CreditAttribution: RobRoy commentedHuge +1...are there any other places that *check* this permission that need changing? Like node_access() or something.
Comment #3
nedjoThe permission at present would read e.g. 'edit story content', which at least is clearer than 'edit story', but I agree that 'edit all story content' better conveys the difference between this permission and the 'edit own story content' permission.
Yes, the
if ($op == 'delete')
section ofnode_content_access()
needs updating.Also we would need an _update function to update existing permissions.
Comment #4
blakehall CreditAttribution: blakehall commentedIt looks to me like the $op == 'update' needs updating (rather than delete).
I'd love to roll another patch, but I'm not sure where _update functions go in version 6 (especially since node doesn't have a *.install file)...
It seems like we're talking about an update permissions table. Is there a cleaner way to update it than a RegEx on the perm field?
Comment #5
gaele CreditAttribution: gaele commented+1
This is usability, people. Can we still get this into D6?
Comment #6
JirkaRybka CreditAttribution: JirkaRybka commented+1 (It took me a while to figure out that I needn't to assign "edit story contents" to make "edit own story contents" working, when I tried with Drupal first time.)
There's already at least one patch with renamed permission committed: http://drupal.org/node/181088 - may be useful to look in there for the upgrade function. (BTW - if node have no .install file, we should probably add one?)
Comment #7
JirkaRybka CreditAttribution: JirkaRybka commentedAttaching a new patch:
- Both edit and delete permissions renamed to edit all and delete all
- Upgrade path included (updating the new delete permission too, just in case someone goes from a 6.x-beta)
- I did a full search on core files: No more places to update permission names.
- Fully tested by me (but needs more review, as usually here)
I hope this might be able to go into 6.x, still. Usability stuff.
Comment #8
JirkaRybka CreditAttribution: JirkaRybka commentedRe-rolling...
Opinions / feedback / reviews welcome. It would be nice to hear, whether this is for D6 still.
Comment #9
catchMassive +1 from me. Tested the patch and it works fine, applies with some offset. Upgrade path is consistent with previous permission changes this cycle although I didn't test it. Should be RTBC though.
Comment #10
catchAck!
I just took a closer look at the permissions page, now we have "delete x content" permissions this won't work:
Obviously someone could go through every post on a site individually, deleting them one by one, but we don't want to give the impression there's a one click delete function sitting somewhere if this is enabled!
So I think we should change this to "delete any x content" to make it less ambiguous.
Comment #11
catchOK quick re-roll with 'any' for review. If people think my problems with "edit all" are a false alarm, then I'd still be happy for it to be committed, either "all " or "any" would be better than nothing.
Comment #12
JirkaRybka CreditAttribution: JirkaRybka commentedRerolled to remove offset. Also your quick edit changed one instance of "own" to "any", but luckily outside changed lines, so it would just make a bit of fuzz on applying. Now corrected.
Otherwise I quite agree that "any" is even more accurate. Feel free to RTBC again, if appropriate.
Comment #13
catchJirkaRybka - did you mean to attach something? ;)
Comment #14
JirkaRybka CreditAttribution: JirkaRybka commentedOh, a reminder "didn't you forget something" on submit would be definitely nice! ;)
I'm sorry...
Now attaching.
Comment #15
catchI think this is good to go then.
Comment #16
Gábor HojtsyI think this is a good improvement, but one more pair of eyes to look on whether we miss some permission usage or not would be appreciated.
Comment #17
Gábor HojtsyWell, I grepped Drupal core, and it looks like polls have the same problem still. Ie. "edit polls" and "edit own poll". Let's get this sorted out quickly, so we can get this into Drupal 6 finally.
Comment #18
webernet CreditAttribution: webernet commented- We don't need to update the delete permissions since we don't support HEAD to HEAD upgrades.
- All updates for Drupal 6 should be system.install and not the individual install files (in this case node.install)
Comment #19
JirkaRybka CreditAttribution: JirkaRybka commentedOk, improved patch:
- Polls included. Permissions "create polls", "edit polls", "edit own poll" changed to "create poll content", "edit any poll content", "edit own poll content".
- By the way, I discovered one instance of "edit own polls" access check, which was obviously a bug.
As for #18 - I feel really uneasy about making things *worse* just for consistency here. Deliberately breaking 6.0-beta installs, seems wrong to me. Also having all core updates concentrated in system.install (which is a scary monster now) seems not very nice to me, especially when there are already separate updates for book, comment, locale, statistics (and possibly more, I didn't check all).
But since this is beyond scope for this issue, and I see your points are valid from the current-state consistency perspective, I changed the patch:
- Upgrade path for 6.0-beta existing "delete foo content", "edit polls", and "edit own poll" now *NOT* provided.
- Update now rolled as system_update_6038()
Comment #20
JirkaRybka CreditAttribution: JirkaRybka commentedRe-rolled. (Just an offset - huge one, but nothing broken.)
Comment #21
catchReady then!
Comment #22
Gábor HojtsyUpgrade path for
- edit polls => edit any poll content
- edit own polls => edit own poll content
missing.
Comment #23
JirkaRybka CreditAttribution: JirkaRybka commentedThese are NOT missing. These are REMOVED per #18 - just like the general delete stuff, these are new 6.x permissions, existing on our recent betas, but not on 5.x. I may easily add them all back into the patch, but only if someone confirm that we DO support upgrades from beta releases. I'm unsure on this, and the only clear feedback I got on this is #18.
Comment #24
Gábor HojtsyI checked poll.module for Drupal 5, and indeed, it does not have its own editing permissions. Committed.
Comment #25
(not verified) CreditAttribution: commentedAutomatically closed -- issue fixed for two weeks with no activity.