While filters, groupings and other helpers make the long list of permissions somewhat digestible, it remains complex and error prone by the sheer mass of separate permissions.
I think this can be solved by reducing the complexity using more intelligent logic.
One technique would by making some permissions depend on others.
For example:
- "Edit any content" resp. "Delete any content" always includes "Edit own content" resp. "Delete own content"
- "Administer content" should always include all other mor fine-grained generic node permissions etc.
We would still want to list every single permission, so what we are gonna save is redundant information and unnecessary sources of configuration errors.
A second technique would be coupling alike permissions together and allow detaching:
This would apply to node type permissions and would considerably reduce complexity, if many node types exist. It would even save vertical real estate on the page.
By default, permissions would be coupled for all node types, so there is only one "Create new content" and only one "Edit own content" etc.
The fieldset can be expanded though and then allows to detach specific node types. If for example "page" is decoupled, the permissions will be copied over to a new permission set for this specific node type.
The rest remains coupled stating: "Other node types: Create new content" resp. "Other node types: Edit own content"
Will provide a patch or at least a mock-up as soon as possible.
Comments
Comment #1
Bojhan CreditAttribution: Bojhan commentedSeems a little late to add something like this.
Comment #2
catchDuplicate of #1200572: Concept of a hierarchical permission system.