Currently, each flag stores its access to the flag and unflag actions as a list of roles in the flag object, and thus in the {flags} table.
This is arguably a bit crusty.
There are several good arguments for moving these over into regular user permissions:
- All permissions can be grouped into Features (I personally steer clear of permissions in Features, but that's just me :)
- The user permissions page gives a clear view of what a user can achieve; permissions hidden away in different modules' admin UI does not
- Storing role IDs in a flag doesn't seem like a terribly portable thing, and could lead to exported flags having the wrong roles.
- More philosophically, keeping what are effectively permissions inside a flag means that flag is managing its own permissions system rather than letting Drupal core do it. Yes, permissions aren't nicely exportable, but that's something that should be solved system-wide, not per-module.
Comments
Comment #1
joachim CreditAttribution: joachim commented#1525242: Allow using standard permissions table for flags