Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.the function user_access() uses one string: as permission-key and as user-interface string.
This is both dangerous, and inflexible. Dangerous because a wrong translation can open up critical permissions to the wide world. Inflexible because it limits what one can send to the screen: for example this flexinode (patch)issue forces us to make permissions such as 'create flexinode_1 content', instead of the much friendlier 'create blog content'. And please: do not use this thread to prove that the example-issue above can be solved without modifying core: it is only an example!
The solution is simple: we need to fix the design flaw 'permission key === interface string'. The easiest, and IMHO best solution is to pull apart the key and the string:
A permission registration would then be:
$perms['create_'. $name .'_content'] = t('Create new %name', node_get_name($name));
$perms['edit_user_data'] = t('Edit user data');
Comments
Comment #1
pasqualleComment #2
berdirPermissions now have a string that is displayed and a description.
(Sorry for pinging the participants, I'm trying to clean up a few old
issues)