Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By default, any user with "administer nodes" permission should be able to upload/manage images attached to galleries. Currently, they must be granted permission to edit/delete the node-types specifically. This is unexpected behavior.
Comments
Comment #1
dddave CreditAttribution: dddave commentedTo clarify:
Administer nodes should only allow to manage unprotected galleries, shouldn't it? Perhaps also private galleries but password protected galleries should be excluded in my opinion.
To manage galleries protected in such a way the proper permission (edit password protected galleries without a password) is yet to be introduced here: #612122: node_gallery_access doesn't let users with 'access protected contents' or 'edit protected contents' view password galleries
Comment #2
kmontyGallery Access can implement its own permissions, but core NG will allow editing/managing/uploading for all NG nodes.
I think the problem is that there is an assumption that goes with the "administer nodes" permission. Here is the thing: with organizations that have staffs the size of 75 people, not everyone can have access to user 1, yet they may have multiple super administrator. They super administrators will generally assume that administer nodes gives them the ability to do anything to any node. Does the password protection of a user trump an administrator's duties? It's a tough call. Not necessarily sure what is right.
In general, I support the permissions as they are outlined in the #612122: node_gallery_access doesn't let users with 'access protected contents' or 'edit protected contents' view password galleries thread.
Comment #3
justintime CreditAttribution: justintime commentedFrom http://www.zivtech.com/blog/drupal-node-access-explained-0
While that isn't gospel, I read that blog quite a bit, and they're pretty spot on most of the time. This bug actually touches NG core, as well as NGA. I'll incorporate this bug into #612122: node_gallery_access doesn't let users with 'access protected contents' or 'edit protected contents' view password galleries, but we'll also need to patch NG core as well.
Comment #4
dddave CreditAttribution: dddave commentedI also think that "administer nodes" should be handled consistently and ng shouldn't introduce something special.
About the patch:
At the moment administer nodes allows to access the gallery node's edit screen and and the edit screens of the images. Still needed are the "manage" and "upload" links to be visible and accessible for such users.
Is this understanding correct?
Comment #5
kmonty@dddave You are correct
Comment #6
kmontyFixed committed to dev.