This is a user interface proposal for hierarchical permissions, a concept aims to make it possible to have modules with hierarchically structured, accurately regulable permissions.
If you have ever worked on a bigger Drupal project, you know that the permission admin page can go crazy. Many modules provide many permissions. Introducing a hierarchical permission system on its own will not help. Moreover, if we will take advantage of effectively having more granularity in our permissions, the situation will become worse. But do we use all the permissions which are available? No, we don't -- most of the time. So what if we have to deal with only those permissions what we actually use in our website? It sounds better, doesn't it? Let's have a possibility to choose a permission, and right away define the roles which we would like to grant that certain permission to. This is how a permission rule can be created. The idea is to provide separated functionality to quickly create permission rules (more than one at the same time), and then present these in a clear way, and make it possible to edit the roles in a permission rule. It also makes sense to have the top-level permissions as default permission rules -- with the permission granted to the administrator role. Installation profiles could provide more deafults.
Propoposal for the UI
During my Google Summer of Code project last year I was working together with my mentor, Károly (chx) Négyesi and we came up with a plan which was reviewed by Bojhan Somers. At last I have implemented it as a working prototype:
Here comes some explanation about what you can see.
Creating permission rules
The interface consists of two parts. The first section makes it possible to discover the permission tree (in the prototype you can see more or less the permission tree described in this issue) in an easy way. Besides discovering the most important is that you can create your own permission rules. Choose and combine permissions from different levels (make sure that you don't skip choosing also from the parent level, if it exists). Select one or more roles, and then click on Create. Then you have a (few) new permission rule(s).
Displaying permission rules
If you scroll down, you can see the second component of the UI. The list of permission rules. First of all, without doing anything, you have a few defaults. As I mentioned, the top-level permissions with the Administrator role are here by default.
If you have created your own permission rules, you can see them here in the list. You can remove them with the small X icon on the left. Note that you don't have the possibility to delete default permission rules. In the end of each row, you can see the list of the roles for the permission. The roles can be modified, just hover them, and select or deselect items in the appearing list. You can never deselect the Administrator role.
The way how the list of permission rules is displayed should be improved visually, and maybe even functionally (we could use e.g. different filters for quickly filter the list).
My goal with this proposal is to see whether you like the idea of permission rules, and having separated UI component for creating them. And if you do so, we could discuss the further improvements.
|Creating permission rules||46.28 KB|
|Displaying permission rules||33.42 KB|