Problem/Motivation
It took me a long time to figure out what the Node - Administer Content (internally known as administer-nodes) permission was for. Documentation for it elsewhere is scarce and IMHO the title (which we can't change now, clearly) is misleading.
The description (after the usual "trusted role" warning) reads:
Promote, change ownership, edit revisions, and perform other tasks across all content types.
To me, the title "Administer Content" implies full edit permissions, but that's not the case, e.g.:
- It doesn't allow you to edit all nodes - you get no choices in the Operations column on /admin/content without individual create/edit/delete permissions for a specific content type or the "Bypass Content Access Control" permission
- It doesn't allow you to view or edit content types (/admin/structure/types) - that's what Administer Content Types is for (plus "Use the administration pages and help")
- Attempting anything in the /admin/content Actions dropdown will also give a No access message - e.g. marking the content as sticky, promoting it, changing the publish state etc.
- You can't access /node/1/revisions with Administer Content alone.
From my testing and checking the source code, it seems, providing I already have permission to edit a content type (without this you can't do anything), Administer Content gives me the Author (uid, created) and Promotion (promoted, sticky) panels on the edit screen, plus the Revisions tab.
NB: we still refer to "administer nodes" rather than "administer content" in a few places ("Role requires" text in other permissions) - I've submitted a separate patch to fix this.
Proposed resolution
Can we:
- remove or clarify the ambiguous 'perform other tasks'
- indicate "Administer Content" needs to be used in conjunction with edit permissions / doesn't allow editing on its own
- consider position/relative importance of Administer Content vs Bypass Content Access Types etc. in permissions list (which combination do most users need?)
Current suggested new text:
Warning: Give to trusted roles only; this permission has security implications. Change ownership, date/time, promote or make sticky and edit past revisions for content in all content types. Does not include view, edit or delete.
Remaining tasks
Agree wording. Write patch.
User interface changes
New description on /admin/people/permissions.
API changes
None.
Data model changes
None.
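Added example (not part of the original issue and not Drupal code): a small offline audit that applies the behaviour reported above to a role-to-permission map, flagging roles where "administer nodes" has no effect and showing where it unlocks the author, promotion and revisions controls. The permission machine names are Drupal core's; the roles, content types and the `audit` and `editable_types` helpers are constructed for illustration.

```python
ADMINISTER = "administer nodes"   # shown as "Administer content" in the UI
BYPASS = "bypass node access"     # shown as "Bypass content access control"
# Controls the issue reports as unlocked once editing is already allowed.
EXTRAS = ["uid", "created", "promoted", "sticky", "revisions tab"]


def editable_types(perms, content_types):
    """Content types a role can edit at all (the prerequisite for EXTRAS)."""
    if BYPASS in perms:
        return sorted(content_types)
    return sorted(
        t for t in content_types
        if {f"edit any {t} content", f"edit own {t} content"} & perms
    )


def audit(roles, content_types):
    """Report, for each role holding ADMINISTER, where the grant takes effect."""
    report = {}
    for role, granted in roles.items():
        perms = set(granted)
        if ADMINISTER not in perms:
            continue
        types = editable_types(perms, content_types)
        report[role] = {
            "effective": bool(types),
            "types": types,
            "extras": EXTRAS if types else [],
        }
    return report


# Constructed sample data, shaped like permissions exported per role.
CONTENT_TYPES = ["article", "page"]
ROLES = {
    "moderator": ["administer nodes", "access content overview"],
    "editor": ["administer nodes", "edit any article content"],
    "author": ["edit own page content"],
    "site_admin": ["administer nodes", "bypass node access"],
}

if __name__ == "__main__":
    for role, result in audit(ROLES, CONTENT_TYPES).items():
        state = "effective on " + ", ".join(result["types"]) if result["effective"] \
            else "no effect (role has no edit permission)"
        print(f"{role}: {state}")
```

A role reported as having no effect still holds a permission flagged as security-sensitive, so it becomes active as soon as any edit permission is added to that role.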