The Permissions table (as in the grid at admin/user/permissions) could undergo a few simple changes to greatly improve usability.

I see from the hook_perm() page on api.d.o that D7 will add a human-readable title to permission strings. May I suggest further tweaks?

function hook_perm() {
	return array(
		'create foobar content' => array(
			'#title' => t('Create Foobar content'),
			'#description' => t('The user will be able to post Foobar content to the site. Granting this permission to anonymous users is a security risk.'),
			'#warn_anon' => TRUE,
		),
		'edit foobar content' => array(
			'#title' => t('Edit Foobar content'),
			'#description' => t('The user will be able to edit all Foobar content, regardless of who originally posted it. Granting this permission to anonymous users is a security risk. Enabling this for non-privileged users is not advised.'),
			'#warn_anon' => TRUE,
			'#warn_auth' => TRUE,
		),
		'edit own foobar content' => array(
			'#title' => t('Edit own Foobar content'),
			'#description' => t('The user will be able to edit only Foobar content that they originally posted. Granting this permission to anonymous users is a security risk.'),
			'#warn_anon' => TRUE,
		),
		'access foobar content' => array(
			'#title' => t('Access Foobar content'),
			'#description' => t('The user will be able to access and view Foobar content.'),
		),
	);
}

You can probably see where I'm going with this. Aside from the one-line permission titles, there should also be longer descriptions which more clearly explain what the ramifications are for enabling the permissions. For l33t Drupalers, perhaps these descriptions could be hidden in much the same way they can be on the main admin page.

In addition, if #warn_anon or #warn_auth is set to TRUE (and, in the case of #warn_auth, people may register and acquire the "authenticated user" role without administrator intervention), the table cell which holds the check box at the intersection of the permission row and the respective role column could perhaps be given a red background or something like that. If we wanted to be truly annoying, checking the check box would fire a little jQuery magic which pops up a confirmation box. Maybe we could even toss up errors on the status page when likely poor permissions choices have been made.

I think changes along these lines would be very simple to implement - I'll gladly volunteer a few hours this weekend if nobody thinks this is a horrible idea - and would go a long way to making sure people aren't making unwise decisions when it comes to the permissions on their site.
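The check proposed in the post above, sketched as an added example (not part of the original post and not Drupal core code): given permission definitions carrying the proposed '#warn_anon' / '#warn_auth' keys and a map of role grants, it lists the grants that would be highlighted on the permissions grid or reported on the status page. The function name, the open-registration parameter and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not Drupal core code. '#warn_anon' and '#warn_auth' are the
// keys proposed in the post; the function name and sample data are hypothetical.

/**
 * Returns one entry per risky (role, permission) grant.
 *
 * @param array $perms  Permission definitions keyed by permission string.
 * @param array $grants Role name => list of granted permission strings.
 * @param bool $open_registration TRUE if visitors can obtain the
 *   "authenticated user" role without administrator intervention.
 */
function example_risky_grants(array $perms, array $grants, $open_registration) {
  // Which proposed flag applies to which built-in role.
  $flag_for_role = array(
    'anonymous user' => '#warn_anon',
    'authenticated user' => '#warn_auth',
  );
  $warnings = array();
  foreach ($flag_for_role as $role => $flag) {
    // '#warn_auth' only matters when accounts are self-service.
    if ($flag === '#warn_auth' && !$open_registration) {
      continue;
    }
    $granted = isset($grants[$role]) ? $grants[$role] : array();
    foreach ($granted as $perm) {
      // Unknown permissions and unset flags are treated as "no warning".
      if (!empty($perms[$perm][$flag])) {
        $warnings[] = array('role' => $role, 'permission' => $perm);
      }
    }
  }
  return $warnings;
}

// Constructed sample data mirroring the Foobar permissions in the post.
$perms = array(
  'edit foobar content' => array('#warn_anon' => TRUE, '#warn_auth' => TRUE),
  'edit own foobar content' => array('#warn_anon' => TRUE),
  'access foobar content' => array(),
);
$grants = array(
  'anonymous user' => array('access foobar content', 'edit own foobar content'),
  'authenticated user' => array('edit foobar content', 'edit own foobar content'),
);
foreach (example_risky_grants($perms, $grants, TRUE) as $w) {
  print $w['role'] . ': ' . $w['permission'] . "\n";
}
```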

Comments

damien tournoud

Status: Active » Closed (duplicate)