Closed (won't fix)
Project:
Flag
Version:
6.x-2.x-dev
Component:
Flag core
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
10 Nov 2009 at 19:31 UTC
Updated:
10 Aug 2012 at 08:03 UTC
Jump to comment: Most recent file
Comments
Comment #1
sirkitree commentedFlag2 has an access check function now which will be utilized in Flag Friend2.
I'll keep this open for now and move it to the 2.x branch when i start that, which will be very soon.
Comment #2
timlie commentedSubscribing to this feature request.
Comment #3
crea commentedSubscribing.
Comment #4
crea commentedMoving to 2.x
Now the question is what is the proper place for such functionality ? Perhaps it should be separate module so other user flags could benefit too ?
Comment #5
crea commentedSome thoughts on features and UI:
- checkboxes to select "roles allowed to be flagged using this flag"
OR
"roles can't be flagged using this flag" - probably better since we must be able to exclude admins but include users.
- checkboxes "let following user roles decide whether they like to be flagged using this flag". When it's selected, user is presented with checkbox (in account settings or somewhere else) "Let others flag me". Ofcourse, exact text should be customizable per-flag.
Since there's already Flag access fieldset with "roles allowed to use this flag" it's good candidate to form_alter into.
Comment #6
crea commentedMoving to Flag module because it seems to be general feature that could be useful to all "user" flags and not just to Flag Friend.
Comment #7
quicksketchI don't think this is a very common use-case. Providing "exclusion" checkboxes by role is a confusing UI concept. Any time you "check the box to disable something" it's a difficult concept for users to understand. However in the case of roles, things are compounded further by the fact that users have multiple roles. So if you had a user that was both an "moderator" and an "editor", the user might end up being excluded from flagging because they are an "editor", when the "moderator" role should be allowed. Typically role assignments are compounded together. So a user being any of the specified roles would match.
Comment #8
crea commentedOk will you accept patch that implements this in "enable roles" way ? I'm already working on it.
Comment #9
crea commentedAttaching first version of patch. This patch only implements "target roles" for user flags. This may need additional work depending on #720672: Make $flag->access (and _multiple) act in a consistent manner cause I find current situation with access overwriting too messy.
Comment #10
crea commentedFixed bug with action not set properly. Also created new convenience method $flag->get_action_by_status
Comment #11
crea commentedAdded (minor) user roles sanitization as recommended by security team.
Comment #12
crea commentedReordered some checks. Cosmetic changes to comments
Comment #13
crea commentedLet's wait for #720672: Make $flag->access (and _multiple) act in a consistent manner to get in then reroll this.
Comment #14
quicksketchI'm uncertain about this as a feature request. It seems like possible, but not at all common, situation to accommodate for.
#720672: Make $flag->access (and _multiple) act in a consistent manner is ready to move forward when you get a chance to review.
Comment #15
crea commentedCommon usecase: exclude admins/moderators from being flagged.
Comment #16
joachim commentedI think this would be best handled in a separate contrib module; the flag access API makes this possible now.