When trying to narrow down editory rights for Fieldable panel panes, the revision rights (create, edit and delete a revision) are linked to both the 'delete' and 'administer' panels pane right. In practice one would want them to be seperate so more fine-tuned settings would be available.

For instance now it not possible to let a user change the revision of the pane but not let them delete the pane. Or am I missing a setting?

#4 fieldable panels pane permissions.png73.95 KBArgus


merlinofchaos’s picture

That's odd. What, specifically, is linked to the delete right, do you know?

Argus’s picture

Besides the delete right also the revision right (@ admin/structure/panels/entity/view/%/revision): where all the revision actions are available: display, edit, delete, make current.

merlinofchaos’s picture

Okay so the revision list is attached to the 'administer' permission. It has nothing to do with 'delete', and I can't find anywhere in the code that it might be. Unless you mean that 'administer' includes 'delete' which is typical of an administer permission?

Argus’s picture

new73.95 KB

I attached a screenshot from the /admin/people/permissions page. With these settings the authenticated user (middle row) can change the revisions. When I disable the "Delete Panels pane" checkmark, the authenticated user cannot change the revisions.

The "Administer fieldable panels panes" setting also gives this permission.

merlinofchaos’s picture

Category:feature» bug

Okay, I see what I did. I think the menu item must've been cut & pasted from delete.

So the real question is, what flag should that actually be. Need to check node and see what it does.

merlinofchaos’s picture

Ok, node.module has an overall 'view revisions', 'revert revisions' and 'delete revisions' that is global. I could duplicate that, but I'm wondering if I should make it per bundle type.

Argus’s picture

It is feasible that a different bundle type could require different permissions. That would give us a very fine grained access policy. So yes imho.

awebb’s picture

I would definitely be in favor of the granular bundle permissions myself.

Jason Dean’s picture

I'm just getting my head around this, but noticed that 'create new revision' seems selected by default.

My site doesn't use revisions so I want user to be able to deselect, which requires the 'Administer fieldable panels panes' permission. But I don't want them to be able to delete.

merlinofchaos’s picture

The simplest thing to do is implement hook_form_alter and change the #default_value of that flag to 0.

dajjen’s picture

Issue summary:View changes

Hi I'm also interested in this functionality. Has anyone a patch for this?

DamienMcKenna’s picture

I would favor having a generic set of revisions permissions but using them in tandem with the other CRUD permissions to identify the user's access.