Scenario: Let's say that the admin create and add the site global account. Regular users is given permission to use this when they create new posts to update the twitter stream. They are not allowed to create new global account, only add their personal. To me quite a normal setup for small/mid sized site.
Problem: Regular users now see the global twitter account at /user/[uid]/edit/twitter, they are allowed to change it and event delete from the site.
Solution: The global users account should not be listed under /user/[uid]/edit/twitter, this only confuses and we need to make sure that they are not allowed to change/delete the account.
How do we solve this? Dunno, perhaps by having a new access setting:
"Edit global accounts"
"Delete global account"
Comments
Comment #1
dRaz commented+1 big issue for me
Comment #2
steinmb commentedComment #3
steinmb commentedI think this also is related:
Scenario
Problem
The twitter account is correctly removed from Drupal-user2 user profile but is also removed from all other users that had this account added.
Edit: Looked at the twitter_account table description, and see that we are using the twitter_uid as 'The unique identifier of the {twitter_account}.")' so if two or more more users add the same account it simply get overwritten by the last user that added the twitter account. To me is this this not expected behavior.
Comment #4
Ourgateshead commentedIs there any progress on this.
This is a serious issue for me. I can't allow users to add their twitter accounts (a funtion that has been requested) as someone will at some point delete the global account
Comment #5
steinmb commentedPls. don't change the version. Patches and reviews is first added to dev. and then committed to be part of the next beta or rc.
I'll agree that this is not a good idea and it need to be fixed. Patches are welcome.
Comment #6
davidneedham#3 is a separate issue and should be created in a different ticket if it's still an issue.
"I'll agree that this is not a good idea and it need to be fixed. Patches are welcome." :-)
Comment #7
dddave commentedComment #8
xurizaemonComment #9
damienmckennaFYI "needs work" is only for when there's an actual patch file that needs to be further improved, it isn't a general flag to say "there's a problem that needs to be worked on" :)
Comment #10
damienmckennaWe can either change the system to only allow each Twitter account to be used once, but then have to work out how to handle existing installs that have the same account used by multiple people, or add some extra logic to twitter_account_delete() to only delete the tweets if the account was only in use by one user.
Comment #11
damienmckennaComment #12
damienmckennaThis was fixed in #1895472: View and edit other user's twitter account settings.