Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In the past Protected Node was able to control view access and edit access to protected nodes separately, using 'view protected content' and 'bypass password protection'. The language was a little unclear and definitely need improving, but #2424571: Is "view protected content" permission redundant? went and removed it altogether, lumping edit access together with view access. I'd like to suggest we roll back that patch, and just come up with some better permission names and descriptions to make it clear what is going on.
Comment | File | Size | Author |
---|---|---|---|
#16 | protected_node-split_view_and_edit_permissions-2482419-16.patch | 16.4 KB | Grimreaper |
Comments
Comment #1
GrimreaperHello,
I think it would have been better to re-open the related issue.
Are you ok with this permission matrix?
Comment #2
Khalor CreditAttribution: Khalor commentedI think the first point of confusion was the 'access protected content' (which implies actual access to the node) in actuality only allows the user access to the password input screen instead of getting a regular access denied. So we should change that to 'access password dialog' or something similar.
Then restoring 'view protected content' (view without password) makes more sense - possibly change the 'bypass' permission label to something like 'edit protected content' (which implies view access as well).
So the matrix would look like this:
Comment #3
GrimreaperHello,
I agree that your labels are easier to understand, so the permission matrix is more natural.
Just waiting the opinion of Izus the other co-maintainer. If it is ok, I will make the patch.
To complete the matrix, for features which add tabs on the node like webform, or the node/nid/delete. I don't know if those responsibilities should be in "edit protected content (bypass password)" or in two permissions like "delete protected content (bypass password)" and "access protected content other tabs (bypass password)"
Comment #4
izus CreditAttribution: izus commentedHi,
i agree with the split
let's not use the terme 'dialog' as this is a waanted feature that is not in for the moment (we just redirecte to a form) and let's also be clear with terms : edit any password => edit any protected node password
i also think that the module should keep on "view" part and not deal with the delete operation.
we'll need to set new permissions automatically (hoo_update_n) to not break existing site permissions
a clear matrix in the readme.txt would begreat too :)
Comment #5
GrimreaperHello,
Here is a patch that change the permissions.
Thanks to test and review it.
When it will be ok, I will also update the README.txt and the online documentation.
Comment #6
izus CreditAttribution: izus commentedaccess protected node password form
can we also change this to "edit any protected node password", would be clearer
Thanks
Comment #7
GrimreaperThanks for the suggestions.
I remade the patch with.
Waiting any feedback before merging.
Comment #8
Khalor CreditAttribution: Khalor commentedLooks good to me, nice work!
Comment #9
Khalor CreditAttribution: Khalor commentedComment #10
izus CreditAttribution: izus commentedBefore the patch we had 3 permissions:
'access protected content'
'bypass password protection'
'edit any password'
After the patch we have 5 permissions:
'access protected node overview page'
'access protected node password form'
'edit any protected node password'
'view protected content'
'edit protected content'
The 5 permissions are all new ones. In order to not break permission system of existing sites we should handle all the new permissions default configuration based on the old permissions
Comment #11
GrimreaperHello,
Just in time, I was about to merge :)
'access protected node overview page' <- 'administer site configuration'
'access protected node password form' <- 'access protected content' DONE
'edit any protected node password' <- 'edit any password' DONE
'view protected content' <- 'bypass password protection' ???
'edit protected content' <- 'bypass password protection' DONE
If you are ok with this mapping I will update the patch.
I will also have to update the README.txt and the documentation page.
Comment #12
izus CreditAttribution: izus commentedyeah i think something like this will do it :)
Comment #13
GrimreaperOk, finally I have done:
'access protected node overview page' <- 'bypass password protection'
'access protected node password form' <- 'access protected content'
'edit any protected node password' <- 'edit any password'
'view protected content' <- 'bypass password protection'
'edit protected content' <- 'bypass password protection'
Currently it is bypass password protection for the overview page. And I have added the matrix in the README.txt
Thanks for the review.
Comment #14
izus CreditAttribution: izus commentedread the code quickly and seems good.
letting someone that applies it and tested interface mark it as RTBTC or to Grimreaper to retest and merge :)
Comment #15
GrimreaperOk, thanks.
I will wait a few days (3 - 7) or until someone else respond to merge.
Comment #16
GrimreaperRebasing the patch.
Comment #18
GrimreaperThis is now merged.
Thanks all.