Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Hi Irakli,
So far you have done an amazing job picking up where Merc left off, mad props to you!. I'm very happy with the progress we all together have made so far. However our node access module REALLY needs looking at. I wonder if this is something you would be willing to prioritize when you get back in to the swing of things. Attached is a screen shot of our current access module, with_only_ one relationship enabled, namely 'fan', it is twice the isze if not bigger if two relationships are enabled.
As you can see it already takes up quite a large piece of real estate. The options available are mostly unnecessary, e.g. update access and delete access. Maybe we could make an admin setting to control which we'd like to have shown. Mostly the view access is needed, maybe have a default 'on' for that permission. Also, radio buttons might not be the way to go. The layout seems cumbersome and clunky in this way.
I'm attaching a second screen shot which shows a privacy access system with a different approach. I'm hoping we can go that road instead. The methodology is reverse. In the sense that friendlist evaluates the various relation states and gives option on how to act on them, the second screen shot shows an approach to evaluate the permission state and give the option who can act on them. It seems to make more sense, I'm not sure if this can be achieved with Drupal node access system, but I sure do hope so.
This task request is way way out of my league, but I do see the need for it in order for the module to have successful access integration. Do you agree? If so, would you be willing to give a stab at it?
I'd be happy to hear your thoughts on this...
Regards,
Marius
| Comment | File | Size | Author |
|---|---|---|---|
| good_access.jpg | 11.12 KB | mariusooms | |
| bad_access.jpg | 37.03 KB | mariusooms |
Comments
Comment #1
davidseth CreditAttribution: davidseth commentedBig +1 for the idea.
I have been digging a lot into Friendlist, Activity Log, Views API 2 and hook_access & nodeapi. I think what you are proposing is possible. I have only briefly looked at the access code for FR so I don't know for sure. I think the current way is very Drupalish, but not very useable by mere mortals ;)
I hope this one advances up the food chain. Would bring a lot of value to this already amazing module!
Cheers,
David
Comment #2
irakli CreditAttribution: irakli commentedComment #3
irakli CreditAttribution: irakli commentedThank you Marius.
I agree that the interface looks cumbersome. I also agree that having "update" and "delete" permissions separately is excessive. I also like the UI you attached.
I think we need two dropdowns:
People who can view this node: [multiple-choice dropdown]
People who can edit this node: [multiple-choice dropdown]
And each drop-down could have following choices:
1. My Friends
2. My Followers
3. People I Follow (some serious brown-nosing going here LOL)
4. Only Me (Case of narcissism :-) )
Makes sense?
Comment #4
irakli CreditAttribution: irakli commentedComment #5
mariusooms CreditAttribution: mariusooms commentedHi Irakli,
I can't tell you how happy I am you are prioritizing this one!
Looks good, except one thing, which I actually just figured out today talking to one of our users. Number 2 of the dropdown, My Followers, is not needed. Since Friendlist has no confirmation system for one way relationships anyone can follow without authorization. So even if you set something to private whether it is editing or viewing, a user could follow in one click and suddenly have access to what you set private initially. Number 3 however, ' People I follow', would be considered a group of people that you have selected personally and also have control over to remove them from your following list. I think that is also why the system of that screenshot opted out for that selection.
Sorry for the lengthy explanation. just sharing thoughts I gained on this yesterday :)
Other than that, I like the idea of both editing and viewing and the setting for only me.
Finally would it be possible to set a default in the admin settings per content type? So if one has a collabartive content type it could be edited by default, where personal content types are not editable by default.
Thoughts?
Please let me know if there's anything I can do.
Regards,
Marius
Comment #6
irakli CreditAttribution: irakli commentedHeh, good point re: followers, but that's true only if you consider this purely a security system.
Making something viewable only by followers, can give people big incentive to become your followers and depending on what kind of business model a site has, that could be monetizing opportunity for you :) So you definitely may have a need for such feature, I think.
I agree, it would be nice to have "global" settings per content-type.
Comment #7
mariusooms CreditAttribution: mariusooms commentedAhhh, right...I indeed was looking at it from a security perspective, I stand corrected. In case you have both those options, should you also have a another? Namely 'Both followers and following'? That might complicate things again as people really have to start thinking about the various options. Another system that I have seen, which brings up an interesting concept, is that friends are actually established on a one way relationship when the status is set OW_BOTH. In other words, our Number 1 'My Friends' could either be OW_BOTH or TW_BOTH. Than you wouldn't need 'Both followers and following'. I'm not sure what would be a good approach.
Also, you need a fifth option called 'Everyone'. The reason is dropdown select boxes are hard to deselect. So if something was selected as "My Friends", but later you wish to mark it "Everyone", how would you do that without that option?
Thanks,
Marius
PS. I'm exited about this!
Comment #8
halver CreditAttribution: halver commentedI'm very interested in this too. Thanks for the great module.
Comment #9
irakli CreditAttribution: irakli commentedI will be working on this over the weekend, so hopefully we will have something next week.
Comment #10
mercmobily CreditAttribution: mercmobily commentedHi Irakli,
You are back! Thanks a lot :D
I must say, I am not very user-oriented when it comes to interfaces. That's why the interface is quite so cumbersome.
I trust iraklii, and I think he will do it right. Some of the strings there are there because they are defined by the module. Right now it's very granular: "You are a follower" means that people you are fans of will be able to have access. "Viewing a follower" means that people who are your fans will have access. "You are followers" means that only if you are reciprocal followers access will be granted.
Same for delete and edit: I know it looks a little too granular, but still... it's nice to have the option.
Of course, when there are 2 way relationships, there are even more options! And again, yeah, maybe too many.
I guess what I am saying is this: to keep things sane, I would find a way to make the interface better, but without crippling functionality and making the underlying structure too simplified. Is that possible I don't know.
Maybe we could give the option for two interfaces: the current one, or something more basic with fewer options -- and if that one is set, then the backend will get the data, and will "fill the blanks" that the dumb interface didn't give as options (if there is any need).
Just my 2c!
Merc,
Comment #11
mercmobily CreditAttribution: mercmobily commentedComment #12
mercmobily CreditAttribution: mercmobily commentedComment #13
mbequelman CreditAttribution: mbequelman commentedHas this issue been resolved?, I agree with this discussion but I'm not sure if this was updated yet or not.
Thanks,
Mabel