When trying to narrow down editory rights for Fieldable panel panes, the revision rights (create, edit and delete a revision) are linked to both the 'delete' and 'administer' panels pane right. In practice one would want them to be seperate so more fine-tuned settings would be available.

For instance now it not possible to let a user change the revision of the pane but not let them delete the pane. Or am I missing a setting?

Files: 
CommentFileSizeAuthor
#4 fieldable panels pane permissions.png73.95 KBArgus

Comments

That's odd. What, specifically, is linked to the delete right, do you know?

Besides the delete right also the revision right (@ admin/structure/panels/entity/view/%/revision): where all the revision actions are available: display, edit, delete, make current.

Okay so the revision list is attached to the 'administer' permission. It has nothing to do with 'delete', and I can't find anywhere in the code that it might be. Unless you mean that 'administer' includes 'delete' which is typical of an administer permission?

StatusFileSize
new73.95 KB

I attached a screenshot from the /admin/people/permissions page. With these settings the authenticated user (middle row) can change the revisions. When I disable the "Delete Panels pane" checkmark, the authenticated user cannot change the revisions.

The "Administer fieldable panels panes" setting also gives this permission.

Category:feature» bug

Okay, I see what I did. I think the menu item must've been cut & pasted from delete.

So the real question is, what flag should that actually be. Need to check node and see what it does.

Ok, node.module has an overall 'view revisions', 'revert revisions' and 'delete revisions' that is global. I could duplicate that, but I'm wondering if I should make it per bundle type.

It is feasible that a different bundle type could require different permissions. That would give us a very fine grained access policy. So yes imho.

I would definitely be in favor of the granular bundle permissions myself.

I'm just getting my head around this, but noticed that 'create new revision' seems selected by default.

My site doesn't use revisions so I want user to be able to deselect, which requires the 'Administer fieldable panels panes' permission. But I don't want them to be able to delete.

The simplest thing to do is implement hook_form_alter and change the #default_value of that flag to 0.