- π³πΏNew Zealand quietone
The Ideas project is being deprecated. As discussed in a core committer meeting issues that are adding modules are being moved to the Drupal CMS project for discussion.
- π¦πΊAustralia pameeela
This was on a list somewhere, but fell off. I think it probably belongs in the site template rather than vanilla Drupal CMS though because the permissions need to be specific to the roles provided. In theory, Drupal CMS could include it by default though and allow the templates to configure it.
- πΊπΈUnited States phenaproxima Massachusetts
Although I'm not the last word here, I'm against adding modules just so that they'll be there for site templates to use; it's trivial for a template to include a dependency on a module that it wants to use. If we can do some kind of initial configuration or value-add on top of Role Assign, that's one thing and I'm for it, but it doesn't sound like that's what's being proposed here?
- π§πͺBelgium svendecabooter Gent
FYI:
At this point in time I would suggest to include the https://www.drupal.org/project/role_delegation β into Drupal CMS, rather than https://www.drupal.org/project/roleassign β , given that the former is more actively maintained, and has a wider install base.This only if there is a need to include anything at all, as per phenaproxima's comment above.
- π¦πΊAustralia pameeela
I'm against adding modules just so that they'll be there for site templates to use
I am too, but considering making an exception here because this is a real "gotcha" in Drupal and it would be nice to provide a way around it OOTB.
- πΊπΈUnited States phenaproxima Massachusetts
If that's the case, then maybe we add it to a one of the basic recipes -- I'm thinking either
drupal_cms_admin_uiordrupal_cms_authentication, although neither one really fits the bill entirely. Maybedrupal_cms_starterwould be the right place. - π¦πΊAustralia pameeela
The fact that Role Delegation is a better choice (which I agree with) makes me even more inclined to add it, so there is consistency in solving this problem.
- π¨πSwitzerland berdir Switzerland
Setting up such a module in a secure way isn't straight forward. Specifically, you need to be careful that you don't allow your staff users access to edit admin users. We use https://www.drupal.org/project/userprotect β for that in combination with roleassign. Not sure if role_delegation needs that too or not.
There are also core issues to make changes on those permissions to make the whole thing more secure by default. See π [regression] User roles field access is inconsistent, users with 'administer users' permission can gain full access Needs work and β¨ Split 'administer permissions' into a new administer roles permissions Needs work (low 6 digits!)
I'm not up to speed on what roles Drupal CMS has by default, but IMHO, role assign/delegation isn't a feature on its own, merely a means to provide the staff-level role feature that can manage users with the same or lower level of access. That seems better suited to an optional recipe, bundled or not, than having it on/shipped by default?
- π¦πΊAustralia pameeela
IMHO, role assign/delegation isn't a feature on its own, merely a means to provide the staff-level role feature that can manage users with the same or lower level of access. That seems better suited to an optional recipe, bundled or not, than having it on/shipped by default?
Yes, that's correct, site templates would provide the roles and configure this sensibly. But if we include the module it eliminates the module selection process by the site template creator and consolidates usage to that module.
- π¦πΊAustralia pameeela
Doesn't seem like either of the core issues deals specifically with restricting the roles that can be assigned, although β¨ Split 'administer permissions' into a new administer roles permissions Needs work prevents non-admins from granting the admin role so IMO that would still be a big improvement and might mitigate the need for this.
