If you create a new content type, the administrator role does not get these permission automatically.

CommentFileSizeAuthor
#7 1005554.patch1.47 KBrobloach

Comments

mattyoung’s picture

Title: Administrator role does not get new content create/edit/delete permission automatically » Administrator role does not automatically get permissions

It addition to not getting the new content create/edit/delete permission, it seems the administrator role also does not get any new permission from newly install modules.

mr.baileys’s picture

Title: Administrator role does not automatically get permissions » Administrator role does not automatically get dynamically created permissions

I'm unable to reproduce the "permission not added when installing modules"-bit of this issue (tried it on a fresh RC3 and permissions for a newly installed module where correctly added to the Administrator role).

It is correct though that the Administrator role does not pick up dynamic permissions (those permissions that are generated in hook_permission per content type, vocabulary, etc.). I'm not sure how to fix this as there doesn't seem to be a way to pick up on newly created permissions.

mattyoung’s picture

>I'm unable to reproduce the "permission not added when installing modules"-bit of this issue (tried it on a fresh RC3 and permissions for a newly installed module where correctly added to the Administrator role).

what happen was I updated the module which included a new hook_permission in it.

I think we might also have this problem if module add new permission in new update.

scotwith1t’s picture

Title: Administrator role does not automatically get dynamically created permissions » Administrator role does not automatically get some dynamically created permissions
Priority: Normal » Critical

Wow, I'm really surprised this hasn't come up more. Fresh install of D7, no added modules, nothing. Administrator role has permissions to everything (duh). Add a new content type and/or taxonomy vocab and the permissions for that new content type (create, edit own, edit any, delete own, delete any) and for the new taxonomy vocab (edit terms, delete terms) are not automatically assigned to the administrator role. Ironically enough, many contrib modules do this just fine (views and ctools for example, admin gets administer views and bypass views access controls when modules are enabled. Flagging as critical cause this could confuse the crap out of new adopters!! Even more strange, you can still create these types of content as long as you have the admin role, even though the permission isn't checked. Tried with user 1 and added admin user as well.

scotwith1t’s picture

Priority: Critical » Normal

EDIT: changed back to normal, don't wanna ruffle any feathers, since technically it doesn't stop you from doing anything...

scotwith1t’s picture

Priority: Normal » Major

How 'bout somewhere in between...not critical, but major. Certainly not intended behavior. Maybe this will get some love now :)

robloach’s picture

Title: Administrator role does not automatically get some dynamically created permissions » Administrator role does not get new content type or vocabulary permissions
Status: Active » Needs review
StatusFileSize
new1.47 KB

It's better to be specific with issue titles.

steven jones’s picture

Version: 7.x-dev » 8.x-dev
Status: Needs review » Needs work
Issue tags: +Needs tests, +Needs backport to D7

I believe that the correct process is that bugs get fixed in D8, then backported to D7.

Also, this issue needs tests.

Désiré’s picture

I think this solution (#7) is wrong, because it will grant the permissions for all content types and vocabularies to the admin role, even if this permissions were taken previously.

Désiré’s picture

Oh, and it will grant all permissions if a node type or a vocabulary was edited...

scotwith1t’s picture

that's totally intentional. the idea is to have a role that has all powers and doesn't have to be maintained to keep that "user 1" power from drupal 6 (accomplished via admin_role module in D6). you just need to set up a new role with less permissions than the administrator role.

David_Rothstein’s picture