Download & Extend
Views Bulk Operations (VBO) » Issues

Create a read-only email action

Posted by colin_young on October 21, 2011 at 2:45am
Project:Views Bulk Operations (VBO)
Version:7.x-3.x-dev
Component:Core
Category:support request
Priority:normal
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

Is there a way to create a rule component for VBO that will simply send an email with a list of node ids/titles that doesn't require update permissions? I am trying to create the ability for a logged in user to send a request by email containing a number of nodes, but the cannot have the ability to edit those nodes. I started to figure things out over in the Rules forum (#1301940: Permissions required to perform action?), but I think it's more of a VBO issue.

Login or register to post comments

Comments

#1

Posted by bojanz on October 21, 2011 at 10:02am

Every rules component, no matter what it does, requires update privileges.
That's hardcoded on the VBO side, and I don't what I can do to make it any different. A component can do anything...

#2

Posted by colin_young on October 21, 2011 at 11:50am

That's what I was afraid of, though it's perfectly reasonable.

What if there was a way to create a custom permission (e.g. 'execute') for components? Is there some way that could be communicated to VBO so that if the component had a custom permission, check if the current user has that permission, otherwise fall back to the update permission? If so, any ideas on how that permission could be communicated to VBO?

#1217128: limiting Rules components to specific permissions seems to be related. Although it's all about restricting access, that's probably the place we'd be looking to add new roles.

In the meantime, I think I'm going to hack something into a private fork of VBO so I don't need to open up update permissions to all (I've only got a single component, so it shouldn't be too dangerous). I do think the ability to expose custom execute permissions on components is a good long-term solution since I can imagine a number of scenarios where one might want to create components that perform various actions on nodes, but not grant full update permissions to roles that are allowed to execute the action.

#3

Posted by bojanz on February 6, 2012 at 3:21pm
Status:active» fixed

Closing this issue.

More granular access permissions are still in progress. The Rules issue is almost done, and might help.
There's also #1334088: Execute as User 1 on the VBO side that I plan to implement.

#4

Posted by System Message on February 20, 2012 at 3:30pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

nobody click here