In almost all situations, users who have access to "Edit" their account will have access to edit their subscription. Likewise any administrator who has the ability to edit account of others will likely be able to edit the subscriptions of others. Rather than adding 5 different permissions for "edit own account", "view own account", "edit all accounts", etc. let's eliminate all of them in favor of a single permission for accessing the "Subscription" tab. This has added benefits:
- Works on any content, not just users.
- Works with any node access control system, such as OG or Taxonomy Access.
- Simplifies configuration.
Besides removing the excessive permissions, we should also eliminate "edit subscription plans", which does nothing but hide or show an administrative link that goes to Recurly.com. Considering not all Drupal users will have administrative accounts on Recurly.com, it seems strange to attempt to bind this permission to a role. And once again, removing it will simplify configuration.
| Comment | File | Size | Author |
|---|---|---|---|
| recurly_remove_unnecessary_permissions.patch | 10.28 KB | quicksketch |
Comments
Comment #1
quicksketchThis patch also removes the strange front-end presentation for editing and managing Recurly accounts on the View version of user accounts, now that all options are moved under the Subscription tab.
After one more look, I've committed this patch to the project.