Hi, I really like this module. Thanks for your work.

I wonder is it possible to set permissions based access on a per Custom Contextual Link basis?

Usage example, I have a view, and I'd like to display a CCL for the author of the node in which this view is being displayed (or indeed, anyone with editing rights on that node).

Could this be possible?

(currently on dev from 2012-01-08)

Comments

bkoether’s picture

bkoether CreditAttribution: bkoether commented
Status: Active » Postponed (maintainer needs more info)

Hi ddunn,

Possible, yes, but the question is how far you want to go.
Should this access control based purely on roles or would you like to see go down to the 'per user' level?

I thought about implementing this beforehand but would like to get some more input about what people exactly would like to see.

circuscowboy’s picture

circuscowboy CreditAttribution: circuscowboy commented

I am quite happy how the permissions already work. If you put a link to add content it will only show up to people who have that privilege. CCL checks page access before displaying. If the author of the node had edit own and only people needing access had edit any CCL should work out of the box - Please correct me if I am missing something.

mikeybusiness’s picture

mikeybusiness CreditAttribution: mikeybusiness commented

I think I would be happy with something similar to the block system. While creating a new custom link, I would love to select a role that can see the custom link.

A common thing that I am using CCL for is adding content (node/add) from a view.
When I turn on Contextual links for a role, they can see the custom contextual links for all views that have them. This occurs even if they don't have access rights to add content that the view is listing.

That being said, I am sure that there are more granular needs. I could see some way of hooking ccl into to the context module for more powerful applications.

Thanks for the module. It's handy-dandy!

bkoether’s picture

bkoether CreditAttribution: bkoether commented

Hi mikeybusiness,

As circuscowboy pointed out, every link goes through access control, meaning if you create a CCL that points to 'node/add/news' only roles who can actually create this content type will be able to see this link. So even if you attach a CCL to view, your basic permission setup will determine if a user with a certain role can see the link, which means that what you describe here

When I turn on Contextual links for a role, they can see the custom contextual links for all views that have them. This occurs even if they don't have access rights to add content that the view is listing.

should not be possible.

The one thing that I want to avoid is that CCL would open up the opportunity to bypass the core access control system.

bkoether’s picture

bkoether CreditAttribution: bkoether commented
Status: Postponed (maintainer needs more info) » Closed (works as designed)

No activity for over 3 months. Closing.