Hi guys,

I'm wondering about the spam administration permissions. I noticed that I could give a person the right to administer spam, but that actually gives the person full rights to all the spam administration windows. I was thinking we could have 2 levels:

* All almighty administrator
* Spam administrator who can check whether a message is spam, but not tweak the spam filters, etc.

I suppose it was done the way it is for simplicity and because it is satisfactory in most cases, but I can easily imagine people having such a need.

The solution would be to add one permission 'administer filters', which would give you access the to admin/settings/spam pages, and use the 'administer spam' as just and only a way to administer the spam messages.

What do you think?

Thank you.
Alexis Wilke

CommentFileSizeAuthor
#3 spam-6.x-two_level_perms.patch4.93 KBAlexisWilke

Comments

gnassar’s picture

gnassar commented

I like this idea.

Only thing I have an issue with is naming -- Drupal standard for modules is that the full-admin permission for the module is "administer ". So "administer spam" is correct for the full-access permission with rights to all the filter admin pages and such. I know, it's inconvenient and the naming you suggest makes sense -- but it's a standard for Drupal, and diverging from that would probably throw off users.

How about leaving "administer spam," and adding a "mark content as spam" permission?

naught101’s picture

naught101 commented

There's no consistent convention really - look at node.module, it has "administer nodes" (analogous to Alexis' "administer spam"), and "administer content type" - which would be like the "administer filters"

Why not just have
* administer spam filters
* administer spam

AlexisWilke’s picture

AlexisWilke commented
Assigned: Unassigned » AlexisWilke
Status: Active » Needs review
Issue tags: +access permissions
StatusFileSize
new spam-6.x-two_level_perms.patch4.93 KB

naught101,

I agree that there isn't much of a convention... Yet, it is probably a good idea to use "administer" when you go under admin/settings/something and not use it when you can do something somewhere else (i.e. click the "Mark as spam" in a node or review the list of content.) So I think the named offered by gnassar aren't bad.

I'm attaching a patch. I suggest several people report that it works before we check it in.

There are the reports that I kept the same (i.e. 'administer spam' users have access to them; not the 'mark spam as content' users. But maybe we should have yet another permission 'view spam reports'.)

Thank you.
Alexis

P.S. 'administer filters' would have been a bad idea anyway because Core already includes Input filters...

cweagans’s picture

cweagans
He/Him
Primary language English
Location Boise, ID, USA
commented
Status: Needs review » Reviewed & tested by the community

I think this will do what we need it to do! Thanks for coding this up! :)

cweagans’s picture

cweagans
He/Him
Primary language English
Location Boise, ID, USA
commented
Issue tags: -access permissions +Spam hitlist

Tagging.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Issue summary: View changes
Status: Reviewed & tested by the community » Closed (outdated)

I am closing this issue, since Drupal 6 isn't supported anymore.