"Rearrange" permissions should be mentioned in documentation?
adam_b - October 1, 2009 - 16:00
| Project: | DraggableViews |
| Version: | 6.x-3.3-beta2 |
| Component: | Documentation |
| Category: | feature request |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | active |
Description
I'm using the book-handling component of Draggable Views, and by default everyone gets tabs for View and Rearrange. This might be logical in some situations, but it would be useful to have this in the user permissions area.
I've worked around it in the meantime by restricting the view access.
#1
From my point of view:
The permissions to all the views displays are controlled via access-plugins - a great idea (e.g. to prevent long lists on the permissions page). Why should we break the views concept for this particular case?
I would have to code a new views-access-plugin that does exactly the same as the existing access-plugin does, except that it checks for Drupal-permission too. Does this make sense?
Can't we call it "the way it should be done" instead of "work around"? :)
Tell me when I'm wrong,
greetings,
sevi
#2
Fair enough... I suppose I haven't often used Views alternatives which allow general users to change data (eg Views Bulk Operations), so I'm not accustomed to having anonymous users able to affect content.
I'll concede your point, if I can suggest that this could be mentioned somewhere in the documentation :)
#3
Well, you've got me thinking, so now I agree to your first post partially. I'm not entirely happy with the current situations too.
I think permissions-stuff can be very complicated. Everyone needs an individual configuration. Let me use the book handler for arguing:
Site administrators might want usergroup1 to rearrange book A (or only parts of book A as it would be useful e.g. on drupal.org documentation). And they might want usergroup2 to rearrange book B.
Very customized access plugins would be involved as a consequence. I'll never be able to satisfy all of them. Other modules should care about that.
Maybe there should be a default access plugin configured (role=authenticated user) in the "draggablebooks" view. So anonymous users wouldn't be able to change data by default.
Sounds useful?
#4
Oh, I can see your point - it's just that the projects I'm working on are all very editorially-controlled, so as I said, anonymous users in my world don't get much input.
I agree that permissions are already pretty complex, so that's why I just thought that a mention in the DV documentation could cover the basic possibilities.
#5
Subscribing - I just installed this and am astounded that an unregistered user is automatically allowed to affect content. It almost doesn't matter how many features you pack in or how useful this module is, if I can't restrict it from anonymous users, I cannot use it.
#6
It would make sense to use the already existing permission "DraggableViews: Allow Reordering" by default.
Patch attached.
Greetings,
sevi
#7
Using current Dev - registered users are getting a rearrange button on all content. I have checked perms and Draggable Views: Allow Reording is off for them and anonymous. Need some help, thanks
#8
I updated the documentation page (http://drupal.org/node/580074): Advise the user of missing access plugin and added "What you should be aware of" section.