Expand permissions for help topics

Created on 9 March 2018, almost 7 years ago
Updated 10 August 2024, 5 months ago

Problem/Motivation

On #2920309-97: Add experimental module for Help Topics β†’ , @benjifisher suggested that we should add permissions to help topics so that viewing a topic could be restricted to certain roles or permissions.

Proposed resolution

Implement this kind of like Views, where each display in a view can say that either a certain role or certain permission is required in order to use that display. The way this would work:

  • Standard permissions system: If a given user Foo has role A and role B, this user has all the permissions that are in either role A or role B, plus all the ones that are granted to "Authenticated user" (but not ones granted to "Anonymous user").
  • The way this proposed permission system works is first, if either role A or role B or the Authenticated role has "view help topics" permission, then that is the first prerequisite: user Foo can view topics that have no additional viewing restrictions on them. If none of A, B, and Authenticated have "view help topics" permission, that user cannot see any help topics, no matter how they are configured.
  • A given help topic can also be marked as having additional restrictions, by role or permission. This is similar to Views.
  • If some particular topic is marked as "Limit by role", you can specify a list of roles, and a user must have one of them to view the topic. So, for this topic, if the roles list contains either A, B, or Authenticated, then user Foo can see it, but if the roles only have role C or Anonymous, then they cannot see it.
  • You can also do the same with permissions, and a "must have" permission list. So, if the topic is marked as "Limit by permission", and the permissions list is something like "administer blocks" and "administer site settings", then the user Foo will only see this topic if either role A, B, or Authenticated has either the "administer blocks" or "administer site settings" permission.

Remaining tasks

a) Make a patch with tests (done).
b) Get it reviewed/fixed up (in progress)
c) Decide if this belongs in the module at all -- it might be too complicated.

User interface changes

- When editing a help topic, you can optionally restrict viewing permission for that topic to one or more roles or permissions.
- Topics that have been set like this have fewer users who can view them.

API changes

New methods added to the Help Topic entity class and interface, for get/set on the access configuration.

Data model changes

New field added to help topic config schema to hold the access configuration.

✨ Feature request
Status

Active

Version

11.0 πŸ”₯

Component
HelpΒ  β†’

Last updated 12 days ago

No maintainer
Created by

πŸ‡ΊπŸ‡ΈUnited States jhodgdon Spokane, WA, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡ΈUnited States mlncn Minneapolis, MN, USA

    Taking the liberty of making this active now that Help Topics has been put into core, is no longer experimental, has been merged into Help, and core has recognized the need for at least one new permission to use help pages β†’ !

    Exited to find this issue and i am hoping that jhodgdon's great work and benjifisher's and andypost's review and thoughts. I hope it can be applied to core.

    This is critical for making help pages helpful. For a content editor or even a site manager to visit the help page and see documentation for every single enabled module is overwhelming and makes finding the needed help harder.

    A huge advantage of built-in documentation is that it can have links to the configuration page or the block listing or whatever elseβ€” having a bunch of these links result in access denied results in an unfriendly experience.

    In my opinion best practice is splitting help topics into administration/configuration and regular usage, and this permission system allows these help pages to be targeted at those they can, indeed, help.

  • πŸ‡³πŸ‡ΏNew Zealand quietone
Production build 0.71.5 2024