Current the menu at admin/content/node uses the catch all permission "administer nodes". I propose that this page should be checking that a user has "access administration pages" and has editing permissions on at least one content type (either their own content, or all content of a particular type).
I've marked this as a critical feature because it's a real deal-killer for anyone with a collaborative editing environment where they want tiered editing roles. Any unpublished content completely falls off the radar without access to this menu, and even if it didn't, giving users a place to quickly search/sort content they have editing rights to is essential.
The only difficult part of getting this patch in is deciding what to do with the "update options" dropdown, as without full editing rights on all content it becomes difficult to know what update options to show for the specific content being listed. Also, should this page just display content a user can edit, or still list all content that is viewable by the user? I tend to go towards only content the user can edit, but it seems like there are potential usability pitfalls there.
I welcome any additional thoughts on this issue.
Comments
Comment #1
stevenpatzComment #2
tantenic commentedI just think about moving from Wordpress to Drupal. This is a feature i'm really searching for. I think it is not a problem,if there is no "update options" dropdown for non-administrators.
Comment #3
beeradb commentedSo - make this detect if you have both 'access administration menu' permissions, as well as editing rights to any individual content type, and if so, allow a user access to this page.
On the page, show all content that the user has editing permissions for, along with the filtering stuff we have now, and only display the checkboxes/"update options" in the event the user has access the 'administer nodes' permission set.
If no one has persuasive arguments as to why this shouldn't be done, I'll get on rolling the patch for it.
Comment #4
papile commentedI agree that this would be very useful. when someone has the "administer nodes" access it bypasses hook access for everything making it not possible to define settings on a per content type basis. checking should be done on a per module basis with hook access.
Comment #5
drewish commentedsubscribing. i'm banging my head against this in 6 right now. i think my hack is going to be lowering the permissions threshold with hook_menu_alter() and then using hook_form_alter() pull out some of the operations.
Comment #6
beeradb commentedthere looks to be more action over at http://drupal.org/node/301902
marking this a duplicate