Problem/Motivation
Some permission descriptions don't add any/much information or really clarify anything beyond the name of the permission.
Proposed resolution
Figure out which permission descriptions are redundant, and remove them.
Remaining tasks
a) Make a list of descriptions to be removed. [see UI changes section below]
b) Remove them in a patch.
User interface changes
Less useless text on the Permissions page. Here's a list of redundant permission descriptions to be removed:
Content Translation
Administer translation settings
Configure translatability of entities and fields.
Contextual Links
Use contextual links
Use contextual links to perform actions related to elements on a page.
File
Access the Files overview page
Get an overview of all files.
Image
Administer image styles
Create and modify styles for generating image modifications such as thumbnails.
Node
Access the Content overview page
Get an overview of all content.
Tour
Access tour
View tour tips.
[Note: this one should probably say "Access tours" as the main permission name?]
API changes
None.
Data model changes
None.
Comments
Comment #1
joachim CreditAttribution: joachim commentedComment #2
Dries CreditAttribution: Dries commentedThis looks like an improvement to me, but I'm not a native English.
Comment #3
coderintherye CreditAttribution: coderintherye commentedJust want to add an opinion that I don't find 'the user' or 'oneself' to be helpful in explaining that permission. Oneself is also a rarely used word at least in the U.S. (for further proof of that Google 'oneself', 16 million hits, to Google 'yourself' 326 million hits), Unfortunately, I don't have much to add as it is a hard phrase to word. Perhaps
'Allows a user to view unpublished content that they created'
Hopefully, some more opinions will chime in.
Comment #4
joachim CreditAttribution: joachim commentedThe thing is to keep the grammatical point of view consistent down the entire permissions list.
We have already: "View, edit and delete all site content. Users with this permission will bypass any content-related access control."
So I guess the pattern here is that the description text has an implied "Users with this permission may:" before it.
In which case, we can make that part explicit to be clear:
We can now bikeshed about use of the singular 'they' ;)
I actually think on looking down it that the whole list of permissions could do with a grammar pedant to go over it.
Things like this:
Merely repeating the UI does not make good user documentation!
Comment #5
coderintherye CreditAttribution: coderintherye commentedWell as far as I am concerned, I liked your wording and think it betters conveys the message for this particular aspect.
So as for this particular issue, marking it to needs review and I think if we were to want to change grammar in multiple places then we would want to open another issue that is more encompassing?
Comment #6
joachim CreditAttribution: joachim commentedYes, absolutely -- that would be for another issue.
Here's a new patch.
I'm not entirely sure about the bumpy pattern we now get for the node permissions description :/
Comment #7
Dries CreditAttribution: Dries commentedI'm not 100% convinced about this change. We never start the description with "Users with this permission ...".
Comment #8
joachim CreditAttribution: joachim commentedYeah, I'm not convinced either for the same reason.
But if permission descriptions are going to be sentences without subjects, we're going to end up with constructions that use 'oneself' ...
Comment #9
cwgordon7 CreditAttribution: cwgordon7 commentedIt's also generally grammatically preferable to have a clear subject in the clause - "May view unpublished content they have created" only makes sense if the individual user is singled out as the subject. It might be worth considering changing all of our permissions' descriptions to use the "Users with this permission..." pattern.
Comment #10
coderintherye CreditAttribution: coderintherye commented+1 to #9.
The only alternative I see is wording the permissions for unpublished content like how the View Unpublished module does it, with either "edit all unpublished content" or "edit unpublished x content" where x is the content type.
Comment #11
joachim CreditAttribution: joachim commentedI think we need a revisit of all permission description texts.
I've just spotted this gem:
Administer actions
Manage the actions defined for your site.
(Yeah. Cos that gives me more information!)
Comment #12
jhodgdonHmmm...
OK, we're looking at things like:
View own unpublished content
View unpublished content created by the user
I agree, the current text doesn't make sense... What we need to do is decide whether the permission descriptions are implying a "You can..." start, or a "Users with this role can...", or if they are meant to be commands (which I don't think is accurate). My feeling is that the implied text is "Users with this role can...". We could make this explicit by putting that text at the top of the page. Then we could change this to:
"View unpublished content they created".
Thoughts?
Anyway, permission descriptions with "the user" aside, I reviewed the other permission texts and found a few that I think need some attention:
Administer nodes
Manage all information associated with site content, such as author, publication date and current revision. Warning: Give to trusted roles only; this permission has security implications.
(should also say that it gives you permission to edit the content as well)
Create URL aliases
Manage URL aliases on content.
(on? Maybe should be "for"?)
Cancel own vote
Retract and optionally change own votes.
Inspect all votes
View voting results.
(I think everyone can see the aggregate voting results, so this probably should say that you can view individual-voter-level results?)
Administer shortcuts
Manage all shortcut and shortcut sets.
(should be "all shortcuts")
Administer software updates
Run the update.php script.
(Is that really all this permission does, and should the description explain what the update.php script does?)
Access contextual links
Use contextual links to perform actions related to elements on a page.
(Doesn't this permission actually display the links?)
Access administration toolbar
Access the persistent administration toolbar displayed on all pages.
(I think most of the "access" permissions say "view" in their description?)
Select method for cancelling own account
Select the method for cancelling own user account. Warning: Give to trusted roles only; this permission has security implications.
(spelling error: canceling is the correct spelling)
Comment #13
jhodgdonComment #14
joachim CreditAttribution: joachim commentedI've just updated CVS and the large majority of permission descriptions have been removed.
Apart from one or two cases, the descriptions are by and large warnings about security implications or clarifications (eg that the cancel account permission means different thing depending on what the settings for that are).
So I think we can close this.
Comment #15
jhodgdonReopening. There are still a couple of descriptions that should be removed, as they don't add any/much information or really clarify anything:
(contextual module)
Use contextual links
Use contextual links to perform actions related to elements on a page.
(image module)
Administer image styles
Create and modify styles for generating image modifications such as thumbnails.
Also, it would have been nicer to have marked this as "fixed" rather than "closed" so it would still show up in issue queues for a while, so those of us following this issue could have noticed. :)
Comment #16
Tor Arne Thune CreditAttribution: Tor Arne Thune commentedStill a valid issue as per post #15.
Comment #17
jhedstromAnd still valid per #15 :)
Comment #18
no_angel CreditAttribution: no_angel as a volunteer commentedComment #19
no_angel CreditAttribution: no_angel as a volunteer commentedComment #20
no_angel CreditAttribution: no_angel as a volunteer commentedComment #21
no_angel CreditAttribution: no_angel as a volunteer commented- Needs issue summary update
+ Needs Review
patch to remove unnecessary permissions descriptions.
Comment #22
jhodgdonHm... this patch has an extra file in it by mistake. Oops!
And also let's see if it is complete. I think the two items in this patch (and issue summary) were just examples of permission descriptions that add no useful information, not necessarily a comprehensive list.
So... I started up a simplytest.me and enabled all of the Core modules (aside from three that are marked "Experimental"). I'm adding a few additional suggestions of text that is redundant to the issue summary, and clarifying it in general. So I think we can do more than just these two in the patch.
Comment #23
no_angel CreditAttribution: no_angel as a volunteer commentedComment #24
no_angel CreditAttribution: no_angel as a volunteer commentednew patch to remove / revise as per list below:
------------------------------------------------------------------
Question: should the 'Review' revisions have a 'to' view...?
For node > content type > Delete revisions > Role requires permission to view revisions and delete rights for nodes in question, or administer nodes.
For node > content type > Review revisions > Role requires permission view revisions and edit rights for nodes in question, or administer nodes.nodes.
Comment #25
no_angel CreditAttribution: no_angel as a volunteer commentedComment #27
jhodgdonThanks for the patch!
This indentation change is causing the test failures.
Also, please do not post stuff like #24 in comments -- git transcripts and the output of your shell scripts are not something we need to read. Thanks!
Because of all the noise in your comment, I almost didn't see your questions... And the answer is yes, I think the word "to" should be added to those permission descriptions that you suggested at the bottom of #24. Thanks for noticing that!
Comment #28
no_angel CreditAttribution: no_angel as a volunteer commented19 modules have been enabled: Actions, Activity Tracker, Aggregator, Ban, Book, Forum, Responsive Image, Statistics, Syslog, Testing, Telephone, Configuration Translation, Content Translation, Interface Translation, Language, HAL, HTTP Basic Authentication, RESTful Web Services, Serialization.
Comment #29
jhodgdonUm. Which patch did you want to attach here? Please attach 1 patch and 1 interdiff file and set status to Needs Review. Thanks!
Comment #30
no_angel CreditAttribution: no_angel as a volunteer commentedComment #31
no_angel CreditAttribution: no_angel as a volunteer commentedSorry for the delay.
I've attached a revised patch and interdiff.
Thanks for your patience!
Comment #32
jhodgdonThanks! I think this is all very good now.
I am moving the component to 8.1.x, because this changes translatable strings, and I don't think it's enough of a major bug to warrant invalidating translations in 8.0.x.
Also tagging with Usability so that hopefully the usability team will review it. As such I am not marking it RTBC myself.
Comment #33
yoroy CreditAttribution: yoroy commentedI don't really understand what these two descriptions are trying to tell me. Is this to say which other permissions are needed to be able to use this one? This is already a problem with the original strings so not necessarily something to fix here.
All the bits that get removed with this patch look good to me!
Comment #34
jhodgdonGood point! However, I think that this is out of scope for this issue and we should in this patch, just take out the minor changes to these permission descriptions , because this issue is about removing "useless descriptions", not fixing incorrect descriptions. So filed
#2678178: Node revision revert/delete permission descriptions are wrong
to deal with the broken descriptions for revision revert/delete.
So can we have an updated patch here that doesn't make the (currently very minor and out of scope) changes to the descriptions for revision revert/delete permissions? Thanks!
Comment #36
yoroy CreditAttribution: yoroy commentedComment #37
dagmarI think this should address this.
Comment #38
jhodgdonLooks good, thanks!
Comment #39
xjmThis looks great!
This is the only description in here that adds any useful information: in this case, that a "thumbnail" is an example of an image style. Is that a concern? Bumping back to NR to double-check that.
The rest of the patch looks good to me.
Comment #40
xjmComment #41
jhodgdonyoroy already OK'd removal of the above in #33, but I'll tag this with "needs usability review" again if you think it deserves another look.
Comment #42
yoroy CreditAttribution: yoroy at Roy Scholten commentedGood nitpick :-) The description on /admin/config reads "Configure styles that can be used for resizing or adjusting images on display." So what image styles do is explained elsewhere, in a place closer to the functionality itself. Since this is one permission for the whole of the image styles feature (instead of one-of-multiple like for Field UI or Configuration manager which have to be more specific to tell them apart) I think it's ok to remove the explanation here.
Comment #43
jhodgdonThanks for the usability review! Then in that case, this is RTBC again, since I think that was the only question.
Comment #44
alexpottCommitted 6e69b56 and pushed to 8.2.x. Thanks!
This is a translated string change - so this can only go in 8.2.x
Updated the title to be more informative and less harsh.