Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I've created a new user in Drupal and attached it to a person record.
I've given all authenticated users access to:
Storm person: view own
and also
Storm person: access (although I have my own views created)
but the user cannot see his own person record listed (they see none listed).
Is this a bug?
Comments
Comment #1
Mark_Watson27 CreditAttribution: Mark_Watson27 commentedWell technically I wouldn't call it a bug, but it's probably misleading.
I believe the storm permissions for 'own' refer to items created by that user.
As this user didn't create his person record he can't see it.
So technically the code is working, but I can understand that in this case you'd presume they could see their own person.
Comment #2
tchurch CreditAttribution: tchurch commentedI understand.
If I wanted to manually (i.e. in the database) change who created the record (so that it showed that the user created his own record) where would I do it?
Thanks.
Comment #3
Mark_Watson27 CreditAttribution: Mark_Watson27 commentedI believe this is done via the author field, which I believe was resolved in #572358: Use a better way than CSS to hide node fields, but that's in latest dev.
Comment #4
Magnity CreditAttribution: Magnity commentedSounds like the permission names (or descriptions) need to be more helpful.
How about
- Storm Person: view when author ; and also changes for other modules. Simply a name change from the current view own.
- Storm Person: view when self; new permission for case described in this issue. I'm sure it is a common one.
There are probably better ways of expressing the names than that though.
Comment #5
Mark_Watson27 CreditAttribution: Mark_Watson27 commented@Magnity: Sounds good to me. The other approach would be to default the author of a person to the user referenced. I think this approach is used in other user modules such as content profile. It may help reduce the growing list of permissions.
Comment #6
Magnity CreditAttribution: Magnity commentedI'll take a look at content profile to see how its done there.
Alternatively, would it work to simply always grant the user access to their own record?
Comment #7
tchurch CreditAttribution: tchurch commentedI would suggest using new permissions. You might not want them to have access to view/edit their own record.
Comment #8
Magnity CreditAttribution: Magnity commented@tchurch, what did you think of Mark's suggestion in #5 too? How would that fit with your install as an example?
Comment #9
tchurch CreditAttribution: tchurch commentedI can see it working but it would mean that we no longer know who actually created the record.
We have multiple users who are allowed to create new people (under their own organisations) and I would prefer to keep the true author ID.
Comment #10
Mark_Watson27 CreditAttribution: Mark_Watson27 commentedThinking about it, I agree that keeping the two distinct is the logical route.
Comment #11
Magnity CreditAttribution: Magnity commentedCommitted
Comment #12
deggertsen CreditAttribution: deggertsen commentedI realize that there is quite a growing list of permissions for storm but I personally feel that this module needs a very diverse set of permissions so that the administrators have the maximum control possible. Yes, it's annoying to have so many permissions but it's even more annoying to not have the permissions for what you want to allow/restrict.
Comment #13
Magnity CreditAttribution: Magnity commentedYes - it degrades the experience for the new user (more settings to be confused by), but once set, they're set, so shouldn't affect normal use.