There is no reason to check for "administer nodes" to provide an edit link. The node itself should be checked for edit access.

Comments

mstef’s picture

mstef commented

You can use node_access()

tdway’s picture

tdway commented
Title: Permissions for nodes not checked correctly » Alter permissions for nodes to use node_access
Category: bug » feature

I don't think this is a bug so I'm changing to feature request. We could use node_access instead, but I'm not sure you would want eazyedit links showing up in all cases where a user has node_access permissions. It seems more consistent to use 'administer nodes' since we are using other perms like administer blocks, administer comments, administer content types, etc. In order to make node_access work well we might need to introduce an eazyedit specific permission. So for example if an end user had permission to delete a node, but you didn't want eazyedit links to show up, you could accommodate that.

mstef’s picture

mstef commented

It doesn't matter to me. I'm just suggesting you use node_access() to determine if the given user has edit permissions. Most sites will only have 1 user that has admin nodes permission. Just seems more useful.

lhugg’s picture

lhugg commented

What is the status of this request? Mikestefff is right. The administer nodes permission is causing us all kinds of problems, since it would give ordinary content editors too much power.