New permissions have been added that allow users to maintain registrations for only those host entities that the user can edit. These permissions are useful when host entities are created by many different users, and access to the associated registrations should only be available to the authors of those host entities. Most sites can ignore these new permissions since they are only helpful for specific use cases.
Before:
Users with "Manage registrations for editable entities" permission also required "View registrations" permission in order to see a listing of registrations for those host entities, otherwise only a summary was displayed. However, granting "View registrations" permission allowed these users to view any registrations on the site, not just the registrations associated with editable host entities.
After:
New permissions have been added:
"View host registrations"
"Update host registrations"
"Delete host registrations"
These restrict access to only those registrations associated with editable host entities (host entities the user can edit).
Note: By default, for sites with the Views module enabled, a user with "View host registrations" and not "View registrations" permission will be unable to access the Manage registrations listing as a Views listing; instead the listing will be delivered as a data table, which has less functionality than a Views listing. If desired, a site builder can address this using one of these options:
- Change the access for the Manage registrations view from
"View registrations"permission to"Unrestricted". For most sites this has minimal impact on security since access to the Manage registrations page is already controlled by various Registration module permissions. - Install the Views Multiple Permissions module and change the access for the Manage registrations view from
"View registrations"permission to both"View registrations"and"View host registrations"permissions. - Change the access for the Manage registrations view from
"View registrations"permission to"View host registrations"permission. This is not recommended if any users could have"View registrations"permission and not"View host registrations"permission, since those users would then see the Manage registrations listing as a data table, effectively moving the data table problem from one group of users to another.
