Move global comment permissions to comment-type level

Created on 30 January 2013, over 11 years ago
Updated 24 May 2024, 23 days ago

Problem/Motivation

The work being done in #731724: Convert comment settings into a field to make them work with CMI and non-node entities will result in that comments can be used on any entity just by creating a comment field in the same way as adding a text field. It will also be possible to tailor each comment form used with other fields, making them perfectly adapted for each entity type used on.

But, there is one very big bottleneck that will severely block the usefulness of this new flexibility. That is that permissions are still globally set for all comment forms throughout the same site. This means that it isn't possible to:

  • Allow anonymous commenting on blog posts
  • Only allow comments for logged in users on articles
  • That comments to product must be approved before being visible

To take it further. A site might even need to have different commenting permissions for two different blog content types on the same site.

This permission control isn't just limited to the entity type itself. It should also be possible to override on individual entity items too. For example:

  • A blog post offering a giveaway for the right answer could then set the comments to that post to be approved before publishing.
  • The writer want to disable comments to a post about a sensitive topic.

This kind of detailed configuration simply isn't possible with global permissions.

Implementing the proposed solution below will not only make the comment module a lot more flexible, it will also give site-owners much more control over their site and who can do what and where.

Proposed resolution

First:

  • Remove the global comment viewing/posting permissions completely.
  • Split the "Administer comments and comment settings " into two:
    • Global comment administration
    • Configure comment settings

Then move all the comment viewing/posting permissions to the field configuration. Permissions needed for:

  • View
  • Post
  • Reply (new)
  • Skip approval
  • Approve comments (new)
  • Edit own
  • Edit all (new)

Anonymous, authenticated roles will be statically available. All other roles can be manually added to the field. If not added, the permissions for the authenticated is used unless the two new global comment permissions kicks in.

It should also be possible to set the default permissions in the global comment settings. Including adding more roles that then automatically are used for new comment fields.

There will also be a new setting for allowing overriding certain settings on individual items. Such as described in the examples above.

When enabled options are needed for:

  • What options can be overridden
    • Turn on/off skip approval
    • Disable/Enable commenting
    • Close/open commenting
  • Who can do it
    • Item author (overrides the need of the "Approve comments" perm)
    • Roles with the "Approve comments" perm

When for example disabling commenting or turning on approval, a custom, overrideable, message should be displayed instead. For example "Comments to this post has been disabled due to ....".

Here too, the global comment admin permission overrides all custom settings.

Remaining tasks

  • Create mockups with proposed UI changes
  • Implement the changes

User interface changes

TBD

API changes

TBD

Related issues

Assigned to: killes@www.drop.org #10426: Make comment permission more granular.

📌 Task
Status

Needs work

Version

11.0 🔥

Component
Comment 

Last updated 3 days ago

Created by

🇸🇪Sweden tsvenson

Live updates comments and jobs are added and updated live.
  • Usability

    Makes Drupal easier to use. Preferred over UX, D7UX, etc.

  • Needs product manager review

    It is used to alert the product manager core committer(s) that an issue represents a significant new feature, UI change, or change to the "user experience" of Drupal, and their signoff is needed. If an issue significantly affects the usability of Drupal, use Needs usability review instead (see the governance policy draft for more information).

  • Needs reroll

    The patch will have to be re-rolled with new suggestions/changes described in the comments in the issue.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024