Closed (fixed)
Project:
Nodequeue
Version:
7.x-2.x-dev
Component:
User interface
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
22 Jan 2008 at 23:08 UTC
Updated:
12 Jun 2011 at 01:00 UTC
Jump to comment: Most recent file
Comments
Comment #1
catchI just spent about 20 minutes trying to work out permissions weirdness, so bumping version and status - be nice to get this fixed up before a final release.
So - if you set the add/remove link in a nodequeue to a role via the checkbox, it only shows up if the user has "manipulate queues" permission. Although I haven't yet checked all variations. This is what I thought would happen:
1. any role where the checkbox is checked gets the links if set
2. any role with "manipulate all queues" permission gets the tabs, and the links if checked for their role
3. "manipulate queues" ??? probably access to tabs but to be honest I completely ignored it when initially setting up the module, and didn't think to look back there before I thought the checkboxes would work.
This is what I think actually happens so far, although it's probably still slightly wrong
1. Any role with manipulate queues gets the links and tab if they have the checkbox checked
2. The checkbox has no effect at all if a role doesn't have 'manipulate queues' permission (this is what confused me)
2. manipulate all queues gets all tabs, and links whatever happens
Ideally:
1. checkbox-per-role gives you access to the links
2. checkbox per role gives you access to the tabs - probably this would be set in the same place as the links permissions - on the nodequeue edit page
3. manipulate all queues/administer queues gives you everything all the time
4. 'manipulate queues' disappears because the above behaviour makes it redundant.
Comment #2
merlinofchaos commented'manipulate queues' exists as a performance saver.
If a role doesn't have manipulate queues, then the query for the tab doesn't need to be run.
Comment #3
joachim commentedAh... that makes sense :)
I don't see a way to make the names clearer, unfortunately.
What I'd suggest though is:
On the edit page for a queue:
- list only the roles that have 'manipulate queues'. This would give the admin user some feedback that 'manipulate queues' permission actually does something
- add some help text saying 'Only roles with 'manipulate queues' can be chosen here'.
Could you add a docs page to the handbooks on drupal.org for this module please, rather than a link to a readme elsewhere?
PS. And what about 'Check each role that can add nodes to the queue.'?
Comment #4
ezra-g commentedI am marking #264415: Role selection for nodequeue manipulation ignores "manipulate all queues" permission as a duplicate of this, since it describes a solution to this problem;
Quoting dww:
Earl/Merlinofchaos supported B. Please see #2 in the above mentioned issue for my thoughts on making this interface change account for Smartqueue modular access control
Comment #5
ezra-g commentedSorry about the mail spam...
Comment #6
ezra-g commentedComment #7
willmoy commentedI came intending to submit #4 above as a bug... sub. I don't think it can count as critical after all this time, though.
Comment #8
amateescu commentedClosed #1009478: "No roles" and "manipulate all queues" as a duplicate.
A good suggestion from that issue is to make the 'No roles have...' text more proeminent.
Comment #9
amateescu commentedAttaching patches that implement option B) from #4.
Comment #10
amateescu commentedCommited to 6.x and 7.x.
http://drupalcode.org/project/nodequeue.git/commit/294a050
http://drupalcode.org/project/nodequeue.git/commit/aee1a3e