@tvatavuk and @iJungleboy are enhancing user permissions with a lot of detailed permissions in #6042
At the same time, we had a user ask to allow less privileged users to be able to select a page in a UI - eg. here https://github.com/2sic/2sxc/issues/3434 by @6TELOIV
IMHO this causes a problem which should be address at the DNN level, similar to the question if a user is allowed to MANAGE files, we should have a permission if a user is allowed to "see the entire page structure".
Description of solution
This new permission could be called BROWSEALL (I would not use ~BROWSE~ as that could be confused with the new NAVIGATE permission, ~DIRECTORY~ is probably also confusing).
The advanced permissions are grouped by a key, eg SYSTEM_FOLDER seems to be the grouping aspect for file permissions, and SYSTEM_TAB is for page permissions which are shown at the page-edit-permissions section.
So I'm not even sure if there is a correct group for such a permission as of now, but I assume we don't have it yet. I could image we call this SYSTEM_NAVIGATION since it's more about navigation than about pages (e.g. if in future other modules could "inject" virtual pages into the navigation structure - eg. blog-details-posts - this could be used/respected as well.
So my recommendation is:
Create a new permissions group called SYSTEM_NAVIGATION
Create a permission for this called BROWSEALL
Make sure that the special roles Administrators, Content Editors and Content Managers have this permission by default.
Document this
Let the module developers respect this new permission in their systems, e.g. 2sxc, Mandeeps etc.
Later on we should also do (in separate tasks)
create a UI to assign such global permissions to users and roles. This should be moved to later and possibly another issue, since it feels like an obvious next step, but it's quite large and I would not want to wait for this just to implement this new permission. This would also allow people to create their own custom Content Editors-like roles, with slightly different permissions.
Update / enhance the DNN APIs to respect this permission, - in addition to permissions such as SYSTEM_NAVIGATION-MANAGE - so that there is a difference between managing a single tab, vs. moving a tab to other places.
Description of alternatives considered
No response
Anything else?
No response
Do you be plan to contribute code for this enhancement?
[X] Yes
Would you be interested in sponsoring this enhancement?
[ ] Yes
Code of Conduct
[X] I agree to follow this project's Code of Conduct
Is there an existing issue for this?
Description of problem
@tvatavuk and @iJungleboy are enhancing user permissions with a lot of detailed permissions in #6042
At the same time, we had a user ask to allow less privileged users to be able to select a page in a UI - eg. here https://github.com/2sic/2sxc/issues/3434 by @6TELOIV
IMHO this causes a problem which should be address at the DNN level, similar to the question if a user is allowed to
MANAGE
files, we should have a permission if a user is allowed to "see the entire page structure".Description of solution
This new permission could be called
BROWSEALL
(I would not use ~BROWSE
~ as that could be confused with the newNAVIGATE
permission, ~DIRECTORY
~ is probably also confusing).The advanced permissions are grouped by a key, eg
SYSTEM_FOLDER
seems to be the grouping aspect for file permissions, andSYSTEM_TAB
is for page permissions which are shown at the page-edit-permissions section.So I'm not even sure if there is a correct group for such a permission as of now, but I assume we don't have it yet. I could image we call this
SYSTEM_NAVIGATION
since it's more about navigation than about pages (e.g. if in future other modules could "inject" virtual pages into the navigation structure - eg. blog-details-posts - this could be used/respected as well.So my recommendation is:
SYSTEM_NAVIGATION
BROWSEALL
Administrators
,Content Editors
andContent Managers
have this permission by default.Later on we should also do (in separate tasks)
Content Editors
-like roles, with slightly different permissions.SYSTEM_NAVIGATION
-MANAGE
- so that there is a difference between managing a single tab, vs. moving a tab to other places.Description of alternatives considered
No response
Anything else?
No response
Do you be plan to contribute code for this enhancement?
Would you be interested in sponsoring this enhancement?
Code of Conduct