This Module is really great!
I would like to have the ability to limit the users you can flag as friends to certain roles. Right now you can even bother administrators with your friend request.
Keep on rocking!

Comments

sirkitree’s picture

Assigned: Unassigned » sirkitree

Flag2 has an access check function now which will be utilized in Flag Friend2.

I'll keep this open for now and move it to the 2.x branch when i start that, which will be very soon.

timlie’s picture

Subscribing to this feature request.

crea’s picture

Subscribing.

crea’s picture

Title: Check for Roles to Flag » Permissions who can flag who
Version: 6.x-1.0-rc2 » 6.x-2.x-dev

Moving to 2.x
Now the question is what is the proper place for such functionality ? Perhaps it should be separate module so other user flags could benefit too ?

crea’s picture

Title: User flags: who can flag who » Permissions who can flag who
Project: Flag » Flag Friend
Component: Flag core » User interface
Assigned: Unassigned » sirkitree

Some thoughts on features and UI:
- checkboxes to select "roles allowed to be flagged using this flag"
OR
"roles can't be flagged using this flag" - probably better since we must be able to exclude admins but include users.
- checkboxes "let following user roles decide whether they like to be flagged using this flag". When it's selected, user is presented with checkbox (in account settings or somewhere else) "Let others flag me". Ofcourse, exact text should be customizable per-flag.

Since there's already Flag access fieldset with "roles allowed to use this flag" it's good candidate to form_alter into.

crea’s picture

Title: Permissions who can flag who » User flags: who can flag who
Project: Flag Friend » Flag
Component: User interface » Flag core
Assigned: sirkitree » Unassigned

Moving to Flag module because it seems to be general feature that could be useful to all "user" flags and not just to Flag Friend.

quicksketch’s picture

Title: Permissions who can flag who » User flags: who can flag who
Project: Flag Friend » Flag
Component: User interface » Flag core
Assigned: sirkitree » Unassigned

I don't think this is a very common use-case. Providing "exclusion" checkboxes by role is a confusing UI concept. Any time you "check the box to disable something" it's a difficult concept for users to understand. However in the case of roles, things are compounded further by the fact that users have multiple roles. So if you had a user that was both an "moderator" and an "editor", the user might end up being excluded from flagging because they are an "editor", when the "moderator" role should be allowed. Typically role assignments are compounded together. So a user being any of the specified roles would match.

crea’s picture

Ok will you accept patch that implements this in "enable roles" way ? I'm already working on it.

crea’s picture

Status: Active » Needs review
StatusFileSize
new4.33 KB

Attaching first version of patch. This patch only implements "target roles" for user flags. This may need additional work depending on #720672: Make $flag->access (and _multiple) act in a consistent manner cause I find current situation with access overwriting too messy.

crea’s picture

StatusFileSize
new5.41 KB

Fixed bug with action not set properly. Also created new convenience method $flag->get_action_by_status

crea’s picture

StatusFileSize
new5.57 KB

Added (minor) user roles sanitization as recommended by security team.

crea’s picture

StatusFileSize
new6.16 KB

Reordered some checks. Cosmetic changes to comments

crea’s picture

Status: Needs review » Needs work
quicksketch’s picture

I'm uncertain about this as a feature request. It seems like possible, but not at all common, situation to accommodate for.

#720672: Make $flag->access (and _multiple) act in a consistent manner is ready to move forward when you get a chance to review.

crea’s picture

Common usecase: exclude admins/moderators from being flagged.

joachim’s picture

Status: Needs work » Closed (won't fix)

I think this would be best handled in a separate contrib module; the flag access API makes this possible now.