Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When trying to narrow down editory rights for Fieldable panel panes, the revision rights (create, edit and delete a revision) are linked to both the 'delete' and 'administer' panels pane right. In practice one would want them to be seperate so more fine-tuned settings would be available.
For instance now it not possible to let a user change the revision of the pane but not let them delete the pane. Or am I missing a setting?
Comment | File | Size | Author |
---|---|---|---|
#17 | fieldable_panels_panes-revisions_crud_perms-1528904-17.patch | 10.1 KB | ron_s |
#4 | fieldable panels pane permissions.png | 73.95 KB | Argus |
Comments
Comment #1
merlinofchaos CreditAttribution: merlinofchaos commentedThat's odd. What, specifically, is linked to the delete right, do you know?
Comment #2
Argus CreditAttribution: Argus commentedBesides the delete right also the revision right (@ admin/structure/panels/entity/view/%/revision): where all the revision actions are available: display, edit, delete, make current.
Comment #3
merlinofchaos CreditAttribution: merlinofchaos commentedOkay so the revision list is attached to the 'administer' permission. It has nothing to do with 'delete', and I can't find anywhere in the code that it might be. Unless you mean that 'administer' includes 'delete' which is typical of an administer permission?
Comment #4
Argus CreditAttribution: Argus commentedI attached a screenshot from the /admin/people/permissions page. With these settings the authenticated user (middle row) can change the revisions. When I disable the "Delete Panels pane" checkmark, the authenticated user cannot change the revisions.
The "Administer fieldable panels panes" setting also gives this permission.
Comment #5
merlinofchaos CreditAttribution: merlinofchaos commentedOkay, I see what I did. I think the menu item must've been cut & pasted from delete.
So the real question is, what flag should that actually be. Need to check node and see what it does.
Comment #6
merlinofchaos CreditAttribution: merlinofchaos commentedOk, node.module has an overall 'view revisions', 'revert revisions' and 'delete revisions' that is global. I could duplicate that, but I'm wondering if I should make it per bundle type.
Comment #7
Argus CreditAttribution: Argus commentedIt is feasible that a different bundle type could require different permissions. That would give us a very fine grained access policy. So yes imho.
Comment #8
awebb CreditAttribution: awebb commentedI would definitely be in favor of the granular bundle permissions myself.
Comment #9
Jason Dean CreditAttribution: Jason Dean commentedI'm just getting my head around this, but noticed that 'create new revision' seems selected by default.
My site doesn't use revisions so I want user to be able to deselect, which requires the 'Administer fieldable panels panes' permission. But I don't want them to be able to delete.
Comment #10
merlinofchaos CreditAttribution: merlinofchaos commentedThe simplest thing to do is implement hook_form_alter and change the #default_value of that flag to 0.
Comment #11
dajjenHi I'm also interested in this functionality. Has anyone a patch for this?
Comment #12
DamienMcKennaI would favor having a generic set of revisions permissions but using them in tandem with the other CRUD permissions to identify the user's access.
Comment #13
ron_s CreditAttribution: ron_s commentedI've found a bug related to this issue. In
hook_menu
, the Revisions menu item (admin/structure/fieldable-panels-panes/view/%fieldable_panels_panes/revision
) is displayed if a user has the Delete permission for a given FPP entity, but throws a WSOD if the user clicks the menu item and does not have "administer fieldable panel panes."Comment #14
ron_s CreditAttribution: ron_s commentedHere's a first pass at creating a generic set of revisions permissions, in tandem with existing FPP entity access. Let me know your feedback, thanks.
Comment #15
ron_s CreditAttribution: ron_s commentedAttached is an update to #14. It includes a function to assign "view fieldable panels panes revisions" to all roles with "administer fieldable panels panes."
My preference would be to have the
fieldable_pane_entity_revisions
view permission use conditional logic, but obviously this is not possible. The next best option is to give it the "view fieldable panels panes revisions" perm, and make sure each admin role has the same perm.If we wanted to take this one step further, could make "view fieldable panels panes revisions" selected and disabled if "administer fieldable panels panes" is set. I don't know how else we can avoid the WSOD.
Comment #16
DamienMcKennaThis sounds good, but I think we need to add some tests to confirm what should happen.
Comment #17
ron_s CreditAttribution: ron_s commentedDamien, thanks for the feedback. Anyone available to help write some tests? I'm super busy at the moment.
Attached is an update to #15. Only change is modifying the
.install
update from 7115 to 7117. This accounts for the new 7.x-1.11 release.Comment #18
ron_s CreditAttribution: ron_s commentedAfter reviewing patch #16 on Issue #2390145 (https://www.drupal.org/node/2390145#comment-11633601), it seems as though there needs to be some additional coordination.
Both patches modify the same code, but for different reasons.