User login

Permission sets for sensible defaults in module-provided permissions to roles

Created a feature that would be easily shareable among Drupal sites except for a big failing of Drupal to allow for module-provided sensible default permissions.

  // 4 is the 'content manager' role created in our installation profile.
  // Using 4 seems more stable than looking it up with user_role_load_by_name.
  // Please note that i lobbied really hard for a content admin sort of role
  // to apply sensible defaults to:

@TODO: Bring this issue back for Drupal 8 as permission groupings or permission sets; the same way Drupal can assign all new permissions to whichever role has the special 'administrator' designation, so should several role sets be available for similar use.

'administrator' => the role (or roles) given this designation get all permissions provided explicitly (rather than dynamically) by modules- this is pretty much the current behavior.

'content manager' => the role or roles given this designation can be given sensible default permissions by modules.

'content editor' =>

'content administrator' =>

user admin? Actually i don't even know what these should be, but they should be.

Drupal core doesn't have to ship with any of these used, though the default profile starting with at least a couple would certainly help. The idea

Having a special hook for assigning default permissions would be cool so that there could be a 'reset to defaults' option, but that is problematic enough in itself (regardless of functionality) that the ability to assign permissions to roles in different permission sets during install and update hooks is a start.

Like this:

  $roles = user_role_load_by_permission_set(CONTENT_MANAGER);
  foreach ($roles as $role) {
    user_role_grant_permissions($role->rid, array('manage example content', 'munge example content'));

Note how this is only used in the assignment process; it doesn't affect the way the permissions system works at all.


Post new comment

The content of this field is kept private and will not be shown publicly.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <small> <h2> <h3> <h4> <h5> <h6> <sub> <sup> <p> <br> <strike> <table> <tr> <td> <thead> <th> <tbody> <tt> <output>
  • Lines and paragraphs break automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.