Posted by rooby on June 12, 2012 at 4:48am
4 followers
Jump to:
| Project: | Login Destination |
| Version: | 7.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Currently this module grants administration access to any users with the 'administer users' permission.
This is not ideal and it would be good to have a separate permission for 'administer login destination' or similar, so access can be more restricted.
Comments
#1
We should make use of existing features and not multiply them. A whole bunch of Drupal code behaves like this. You can always hack it if you need this specific behavior.
#2
Seriously?
Aren't administer users & administer login redirect two different things?
We already have the problem of drupal core permissions being too general, why make it worse?
What do you mean existing features?
The administer users permission isn't a feature it is a permission.
Does that mean all other modules should remove their own administration permissions and just use 'Administer site configuration' for everything?
Feel free to close this again if you still disagree but I can't see what you lose by adding a new permission (I'll even write the patch).
(please excuse my tired ranting :))
#3
Let me clarify. I base the judgment on my personal opinion and experience. I am pretty much tired of forgetting to add such admin permissions to the "admin" role every time I add new module. I do not see a reason why administering LD differs from administering the site, or users, it requires the same amount of trust. So if I can remove one line of code this way, I do it. And if I can make the configuration easier and more straightforward, I do it. I prefer using existing elements, behaviors, perhaps saying "feature" was a wrong choice of words. I think drupal already suffers from too much permissions, and too much modules, but this is still only my view.
LD even uses the PHP permission from the PHP module. So if you do not enable the PHP module you cannot write PHP in LD. It is a way of creating a secure and consistent system, I think.
Nevertheless, if you provide a reference to a guideline that says otherwise, I am willing to change my mind. Maybe I am missing a point.
#4
Great module... nice, simple and gets the job done (with one caveat).
I just came across this discussion while searching for a way to disable access to "Login destinations" for a client with limited site management options. When I deliver a site with specific core functionality (such as destination upon login), I don't wish to rely upon verbal communication... "don't play with option x or you will break your site," as it would be a bit unprofessional on my part.
Yes, the client can manage users and grant roles... they should not, however, change the expected workflow of the site. There is little choice but for me to customize the module to add such a permission, making future upgrades less easy and less straightforward. I'd rather set an extra permission than turn over a forked/custom module to a client.
Just another opinion... no guideline to cite, other than enhanced usefulness, professionalism and maintainability upon delivery. YMMV.
Thanks for sharing a useful module... now I'm off to hack it a bit to accommodate a "site manager" role (with limited admin).
#5
@drubeedoo:
Feel free to make a patch and submit it back here :)
Then it can be committed and you won't have to use a hacked version.
#6
Permission set/overridden with Custom Permissions module. All is good.
EDIT: See also Path Access or System Permissions modules as alternative options.