Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I extended the user.module in order to allow descriptions for permissions because it is sometimes difficult to figure out what a certain permission really does. In hook_perm()
you can now return an array like that (example taken from node.module):
function node_perm() {
return array(
'administer nodes' => 'Allows editing and deleting of all nodes',
'access content' => 'Allows to view content'
);
}
You can also freely mix "described" permissions with old/regular ones; i.e. it does not break the current permission system.
Comment | File | Size | Author |
---|---|---|---|
#64 | user-permission-descriptions-30984-64.patch | 29.88 KB | webchick |
#62 | user-permission-descriptions-30984-62.patch | 29.86 KB | webchick |
#60 | user-permission-descriptions-30984-60.patch | 29.85 KB | webchick |
#57 | user-permission-descriptions-30984-57.patch | 29.97 KB | webchick |
#56 | user-permission-descriptions-30984-56.patch | 29.95 KB | webchick |
Comments
Comment #1
Uwe Hermann CreditAttribution: Uwe Hermann commentedPatch doesn't apply anymore.
Comment #2
Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commentedRerolled patch... I like this idea!
Comment #3
Tobias Maier CreditAttribution: Tobias Maier commented+1 from me
I think this is a real usability improvement
Comment #4
Crell CreditAttribution: Crell commented+1 on the functionality, but a few problems. In particular, don't use
<br /><small>
to indicate the description text. That's hard-coding the formatting into the code, which is badness.I've attached a revised patch that adds 3 things:
<div class="description">
instead of<small>
in order to follow the same convention as elsewhere in Drupal.#permissions .description
class to drupal.css to account for it, using the same rules as for form items. (Themes can of course override it with whatever they want.)Please review!
Comment #5
kkaefer CreditAttribution: kkaefer commentedComment #6
Crell CreditAttribution: Crell commentedHm. Well, then upload.module needs to be fixed, too, IMHO. :-) Still, does this patch work? Can we get this committed, with or without using it in other core modules?
Comment #7
chx CreditAttribution: chx commentedforms API is in.
Comment #8
Crell CreditAttribution: Crell commentedGr. Yeah, I guess the patch should be revised to the new Form API, but I don't know the new API yet. :-) Anyone who does, would you have time to update this? I'm afraid I won't for a while now, since I'd have to learn the new API first.
Comment #9
Crell CreditAttribution: Crell commentedRight then, my first attempt at working with the new forms API. Well, not really, as I only had to add one half line that had anything to do with forms, but I had to reimplement the array handling algorithm since the loop structure changed for the new forms API. Whatever.
I'm not crazy about putting a div in there explicitly, but I'm not sure how else to do it. If someone who knows the form API better than I do has a better suggestion, please share!
Anyway, here's the new patch, edited for the new forms API and rolled against today's HEAD.
Comment #10
drewish CreditAttribution: drewish commentedi didn't apply the latest patch, but the code looks good and i like the idea.
Comment #11
Crell CreditAttribution: Crell commentedHm. I don't know if I should take silence as approval or as disapproval. :-) I'd really like to see this get into 4.7. Can someone else actually try the patch and give a thumbs up and "ready to commit" status? I don't want to set that on my own patch. :-)
Comment #12
Crell CreditAttribution: Crell commentedI guess I should claim this issue... Any other reviews?
Comment #13
Crell CreditAttribution: Crell commentedRerolled against HEAD.
Comment #14
eaton CreditAttribution: eaton commented+1. This is good thing. Permission names currently dance between 'too short to understand' and 'too long and descriptive to fit in the window.'
Comment #15
Crell CreditAttribution: Crell commentedUm, thanks Eaton, but did you install and review it? I don't think Dries et al are even going to look at it until it gets set "ready to be committed", but I don't feel comfortable setting my own submission. :-)
Can someone actually look at the code and set it ready to commit (if it is) instead of just saying they like the idea? I like the idea, too, but that doesn't help much. :-)
Comment #16
Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commentedCrell, when so much people say they lie the patch you should update it once again. I'll promiss you to test the patch and set it ready to commit when everything seems to be fine..
Then it's up to Dries to decide what he wants, apply or reject..
Untill that I think it'll bring us more good than bad..
Steef
Comment #17
Crell CreditAttribution: Crell commentedOK, update it to do what? :-) As far as I know it applies cleanly with latest head, still functions, and the only thing missing is text for all core modules which as I said is something I figure the Docs team would be better equipped to do than I am. If something is not fine, please tell me so that I can fix it. Otherwise I'm just waiting for someone to actually read the code.
Comment #18
Crell CreditAttribution: Crell commentedOnce again rerolling against HEAD. I'm not sure what's left to do with it. Someone please give me a hint or give me a ready-to-commit. :-)
Comment #19
Crell CreditAttribution: Crell commentedSetting postponed, just to clean up the queue a bit. This isn't going into 4.7. I'll try again in 4.8.
Comment #20
kkaefer CreditAttribution: kkaefer commentedRerolled the patch against HEAD and made the required changes.
Comment #21
Crell CreditAttribution: Crell commentedThanks, timcn, I'd nearly forgotten about this one! :-)
Applies cleanly and seems to work. Spiffy.
Some comments:
- The description for "change own username" is "The permission to change the own username." That just doesn't flow right in English. I'd suggest "Allows users to change their own username."
- There's still a
<div>
in the straight source in user_admin_perm(). It was there in my version, too, because I couldn't figure out a good way to get around it. I still think it shouldn't be there, but I'm not sure of a non-inefficient way around it. A theme function feels like overkill, but may be necessary. Thoughts from other experts?Comment #22
kkaefer CreditAttribution: kkaefer commentedChanged Crell's suggestion. Added descriptions for *all* core module permissions.
Comment #23
nedjoThe descriptions are a good usability improvement.
Should we be saving them to a table (like we do with, e.g., module descriptions) rather than loading them each time?
Is there a relation here to http://drupal.org/node/73874, Normalize permissions table? Should we have a table with an id, name, and description for each permission and then assign permissions on the id (a table with rid (role id) and pid (permission id)?
Comment #24
Crell CreditAttribution: Crell commentedNice! Although I suggest we kidnap someone from the docs team to review the descriptions.
There's still the issue of that div... :-(
Comment #25
Crell CreditAttribution: Crell commented@ nedjo: That issue would probably break this one again, but it's a separate matter. That's about changing the storage mechanism for permissions. (I'm personally not in favor of moving them all to the database, but I would support non-comma-string storage.) This issue is a usability improvement for the roles page. It shouldn't have any application outside of that page and that page isn't called often, so I see no reason to db-cache the description strings.
Comment #26
kkaefer CreditAttribution: kkaefer commentedActually, the
div
issue is not an issue. There is plenty of markup in the form building process in other sections as well. A separatetheme_
function would be trop.Comment #27
Crell CreditAttribution: Crell commentedWell, if TPTB are OK with the div, I'm OK with it as well for now, I suppose.
Can we get some sort of feedback on the text of the descriptions? I think that's the only thing left here.
Comment #28
drummThis is a good idea, but makes the permissions page unmanably large. I have a couple ideas:
- 'Help for each permission' link which replaces checkboxes with help.
- Put help in a separate row from the checkboxes so they are stacked.
or
- A combination of the two where they are stacked after clicking a link.
Comment #29
Egon Bianchet CreditAttribution: Egon Bianchet commentedWhat about a tooltip?
Comment #30
chx CreditAttribution: chx commentedComment #31
webchickSubscribing. Huge +1 to this functionality. Patch no longer even comes close to applying, but hey. :)
Comment #32
webchickOk, here's a re-roll. Still needs testing and an upgrade path (I renamed blog and forum permissions to be consistent with the other node types not only because it feels good, but also to save a bunch of typing ;)). I'd also like to try and find a better way to add the div in there, and include ?q=admin's "hide descriptions" link/feature. I'm also considering removing the safety check that allows the descriptions to be optional, as I believe they ought to be required.
Attached is the patch and a screen shot of how it looks.
Comment #33
ScoutBaker CreditAttribution: ScoutBaker commentedI agree that descriptions should be required. It is seriously annoying to have some items listed with a description and then others without. I see this all the time in systems other than Drupal or a CMS. The built-in (i.e., core) items have their descriptions, then the third-party (i.e., contrib) entries are blank, leaving you wondering what they are for. Usually those are the items that are most in need of being documented.
Comment #34
webchickOk.
Now all that's left is testing, since I sure haven't done any. ;)
Comment #35
webchickSlightly more descriptive title.
Comment #36
kkaefer CreditAttribution: kkaefer commentedI think it would be better to use a word like "created" or "written" instead of "authored". It is possible to confuse that word with "authorized" for people for whom English is not the first language.
Comment #37
webchickGood call. Also, stealing this issue from you. Mwahahaha. ;)
Comment #38
keith.smith CreditAttribution: keith.smith commentedThis user? Or users in this role?
How about "Add posts of any content type to a book."
Or just "Comment on a post (approval required).", "Comment on a post (no approval required)"? Or something.
Er. Huh?
"...regardless of its author."?
Capitalize URL. Plus, "url alias" and "posts" do not agree.
This are good examples of where the descriptions are almost less clear than the permissions (the permissions here are very clear, unlike many on this list). Descriptions will almost be redundant on some of these, adding no value.
...visited...
I didn't really notice until I got here, but we need to introduce some consistency in wording, as a good example to contrib. Here, you have "Edit, create and delete". Reading back through, I also see:
- "Create, edit and delete..."
- "Delete, block or add..."
- "Add and remove..."
- For add, we have 'Post', 'Add', 'Write', 'Create', etc.
- Both 'see' and 'view' used for view (and 'Access', 'Use', and 'Perform', with slightly different meanings)
- 'Manage', 'configure', 'set', 'changes', and 'select' used for configure/manage
This one is in a style altogether different from the others.
Now, all that said, I love this patch, and webchick, you rock for taking this on.
Comment #39
webchickw00t! thanks for the review, Keith!
I missed your reply before I started my crusade to read over all of these thoroughly and attempt to fix some of them, since the patch before was for the most part a simple re-roll. I've incorporated your feedback where it still applied (THANK YOU for the much better wording on the node perms especially. Sheesh. :P), but if you could have another look through, I'd appreciate it.
Haha, uh. Yeah. Right. I cheated here and just stole the menu item descriptions, which I guess means we need to create sensible text in two places. ;)
Let's try this instead:
...sigh. ;P I'm definitely up for better ideas. ;)
Just made the descriptions match their permission names for now, unless we think of something better. Except:
I felt that was a bit more clear.
Good call on standardizing on permission descriptions. I decided to go with the following standards:
- Add: Make something that wasn't there before.
- View: Look at something.
- Delete: Get rid of something.
- Edit: Change something.
- Manage: Some or all of the above. No real need to call out "Add, View, Edit, Delete, Gaze Fondly, etc." as I don't think it adds much value to the descriptions and it's too hard to keep it consistent across 50+ names.
- Select: choose or pick something.
- Configure: Anything related to settings. For example, you manage comments, but you configure comment administration settings.
Speaking of which...
- Administration settings: Doo-hickeys that you can configure in the admin panel.
Might not be perfect, but hopefully it's a start. :)
And thanks for the props, but kkaefer did all the hard work; I'm just doing some polishing. :)
Comment #40
webchickMarking back for review.
Comment #41
kourge CreditAttribution: kourge commentedThis is one big usability plus.
Comment #42
moshe weitzman CreditAttribution: moshe weitzman commentedI like this. I think we should honor the setting on /admin to hide descriptions (i.e. reuse same variable). So the meaning of that variable is 'compact' mode' or somesuch. We could re-show that same link on perm page or not - i vote to re-show it. Either way, this is a nice enhancement.
Comment #43
RobLoachThis has been a personal itch for me for a long time.
Comment #44
webchickOk cool. This implements the hide descriptions link, per Moshe. This took a little bit of futzing, but not as bad as I thought. A nice side benefit of this futzing is that now the "hide descriptions" link isn't coupled to the ?q=admin screen, so we can re-use it wherever we want in the future. :)
So this patch is the same as the above, except it now has a "hide descriptions" link at the top which will revert to the "legacy" view.
Comment #45
webchickOops. As i was going through I spotted a stray newline in system.install. Silly vim.
Btw, for testing this patch we need the following:
- Do everything with blogs (create, delete, edit, etc.) as NON-uid 1 to make sure the permission renames still work.
- Do the same with forums.
- Setup a D5 (or even D6 site) with auth users having blog/forum permissions and ensure that you can do everything above after updating.
- Look over the permission descriptions and make sure they make sense. Let's not get overly bikeshed about this, as these can always be refined later, but if there's something that's clearly wrong or awkward, please suggest an alternative.
Comment #46
RobLoachThese are the steps I took to test this patch:
Everything seems to be perfect. Some descriptions arn't that helpful though, my nitpicks are as follows:
Very nicely done, Angie. This is great! Other then the three nitpicks I listed above, everything works perfectly.
Comment #47
dmitrig01 CreditAttribution: dmitrig01 commentedRe-rolled with Rob's suggestions
Comment #48
webchickI think dmitrig01 meant to mark this back to needs review.
Comment #49
RobLoachLooks like you changed:
This seems reasonable. If anyone has any other thoughts, please let them be known! The patch applies cleanly. Refer to my previous review for my thoughts on its functionality.
Oh, and the "Hide descriptions" link works very nicely, using the same setting as the "Hide descriptions" on the administration panel. This also means we can use the same Hide descriptions link on other pages.
Comment #50
catchOne minor comment:
Allows users to, after voting, cancel their vote.
could be:
Allows users to to cancel their own votes.
Otherwise looks perfect, so leaving at RTBC since I'm not sure my change is any better.
Comment #51
webchickHere we go. Based on consensus in #drupal, I think this is good to go.
The "Allow users to ...." is inconsistent with other permission descriptions, so we decided to go with:
Leaving RTBC, since that's the only change.
Comment #52
keith.smith CreditAttribution: keith.smith commentedThe patch in #51 used both "Can be performance heavy" and "Could have performance implications". The attached patch changes the instance of "Can be performance heavy." to "Could have performance implications." for consistency.
My only other very small nitpick with this patch is the wording "this permission has security implications". Technically, all permissions have security implications, 'tis only that some permissions have much more profound implications than others. I don't have a good suggestion for changing this, though, and I like the fact that it will probably make people stop and consider the..., well, implications, before granting those permissions.
I diffed the previous patch and this one to confirm that the modified "Can be performance heavy" was the only change, so leaving it at RTBC.
Comment #53
birdmanx35 CreditAttribution: birdmanx35 commentedsubscribing
Comment #54
dmitrig01 CreditAttribution: dmitrig01 commentedHere are two screenshots - the full one, and a smaller, annotated one.
Note: This is not with the latest version of the patch installed
Comment #55
chx CreditAttribution: chx commentedI like this patch, however I have a few nitpicks.
#description
this is somewhat deceiving as quite a number of form elements have this property and markup does not have it. Can we maybe find a better name to reflect that this is specific to this form? Also, !is_null should be !empty.Comment #56
webchickI'm not sure why we need !empty rather than !is_null, since the value's instantiated as NULL whenever it's not defined, but I've changed it per your request.
I realize #description isn't output in theme_markup() (though I'm not exactly sure why an exception is made here), but it seems to me that re-using the #description flag which means semantically the same thing as it does in any other form element is better approach than either embedding the div in the form markup itself (which removes its themability) or making up some bogus flag like #permission_description. Are you sure this is really necessary? If so, do you have suggestions on what I should call it instead?
Comment #57
webchickHowever, to avoid this patch being caught in further debate, here's a re-roll with #description renamed to #permission_description. But I think we maybe ought to just fix theme_markup() in another patch so that it outputs a #description like other elements, so that placing the div in the theme function here is unnecessary. However, tweaky FAPI internals are /definitely/ out of scope for this patch. ;)
Comment #58
dmitrig01 CreditAttribution: dmitrig01 commentedTested and it's good
Comment #59
chx CreditAttribution: chx commentedYes this is good. Someone visits this screen and then adds a #description to her #type markup expecting something like on this screen and that won't be. That's why I asked for a separate key. Microoptimization of the day: empty is faster than is_null.
Comment #60
webchickOk, since #permission_description is nasty, I talked to chx about this some more, and it turns out what I actually want here is '#type' => 'item' instead. '#type' => 'markup' is quite literally "spit this out and nothing else."
The only hitch is that for some reason there's a no-wrap class on .form-item so I canceled that on the permission form only, so the table doesn't look ooglay.
Comment #61
webchickHm. Crap. That CSS hack is not working.
Comment #62
webchickOh there we go. The opposite of nowrap is not wrap, it's normal. :P
Comment #63
chx CreditAttribution: chx commentedNice job. The hidden gems of fapi like #type item. :)
Comment #64
webchickOk one last (really, last!) re-roll. kkaefer wasn't sold on the "cancel own vote" description, so it has now been changed to... *drumroll*
"Retract and optionally change own votes"
Ta-da!
Since this was a decision based on various people present in #drupal, it counts as reviewed, and therefore patch is still RTBC. ;)
Comment #65
dmitrig01 CreditAttribution: dmitrig01 commentedComment #66
birdmanx35 CreditAttribution: birdmanx35 commentedJust want to add in a huge plus one here, I tested it out and it works great. One possible suggestions:
Block Module: For the Administer blocks permission, perhaps it should mention the fact that it allows you to create blocks, too.
Comment #67
Dries CreditAttribution: Dries commentedCouple of comments:
* I spent 3 minutes searching for a setting that allows me to turn off the descriptions. Couldn't find it, gave up. Can we make the compact mode easier to spot? Am I blind?
* I like the descriptions on the permissions page but I found the original names to be mostly redundant. It's a bit cluttered now. I'm not sure we nailed the presentation bit. Giving it a bit more thought.
Comment #68
webchick@Dries: There's a "Hide descriptions" link in the upper-left corner of the page, below the help text. It's not real obvious, but it is in the same place as the one on ?q=admin. Do you think if this was moved to the upper-right on both pages that it'd be easier to spot?
Some of the permissions are simple and do mostly one thing, and in those cases the descriptions are indeed a bit redundant and only there for consistency. But we also have an awful lot of permissions that aren't immediately obvious what they do (administer nodes, use PHP for block visibility, etc.). Bear in mind too that we already know what these permissions do, so the text is definitely redundant for us, but new users can use a bit of a hand figuring stuff out.
EDIT: I also thought of adding a title attribute to the permission names (or something similar) so the descriptions only show on mouseover, but the problem there is that a) it's inconsistent with the way we do descriptions everywhere else, and b) it's more work for a newbie to have to move their mouse around to figure out what everything does.
Comment #69
Dries CreditAttribution: Dries commentedI like the descriptions, but I found myself not reading the _original_ permission names anymore. It's minor but I'm wondering if other people observed that as well.
Oddly enough, I don't get a 'Hide description' link in the upper-left corner of the permission page. Odd.
Comment #70
keith.smith CreditAttribution: keith.smith commentedYes, something is odd with this. With the patch applied, I have no "Hide descriptions" link on the /admin page or on the permissions page (I have one on the /admin page with the patch reverted). If, without the patch, I select "Hide descriptions", then apply the patch, permissions descriptions are hidden (the system is in compact mode) but I still don't get a "Show descriptions" link.
Comment #71
webchickAh, you probably need to clear your caches @ admin/settings/performance. I had to add a new theme function.
Try that, and if it still doesn't work, let me know and I'll futz some more.
Comment #72
keith.smith CreditAttribution: keith.smith commentedYes, that fixed it! Thanks webchick, I didn't think about that at all.
Back to RTBC.
Comment #73
Dries CreditAttribution: Dries commentedD'oh. Works now. I've decided to commit this to CVS HEAD. Thanks all!
Comment #74
kkaefer CreditAttribution: kkaefer commentedUpdated the handbook: http://drupal.org/node/224333
Comment #75
webchickGasp! Wow, THANK YOU! :D And thanks kkaefer for writing the docs! :)
Comment #76
Crell CreditAttribution: Crell commentedOMG! This finally made it in! webchick, you rock!
Comment #77
kourge CreditAttribution: kourge commentedOh yay! Congrats webchick!
Comment #78
webchickHey, thanks. :) kkaefer deserves most of the credit though; he did most of the work, I just updated it for 6 and lobbied for it. :)
Comment #79
kkaefer CreditAttribution: kkaefer commentedOh, I just realized that I actually wrote descriptions for the permissions back in 2006. But coding is one thing, purusing and testing the patch is another, maybe more important aspect. Thanks webchick and all the reviewers and rerollers!
Comment #80
Anonymous (not verified) CreditAttribution: Anonymous commentedAutomatically closed -- issue fixed for two weeks with no activity.
Comment #81
Senpai CreditAttribution: Senpai commentedBookmark.
Comment #82
Gábor HojtsyThis fix brought up the broken localization support for permission names even harder. I've submitted a patch to suggest a solution at http://drupal.org/node/313213 Please review!