Edit Rights on Attributes Block

Edit Rights on Attributes Block


The Problem

The Attributes block (as seen on the Admin | General Settings | Global Attributes page) could be made MUCH more useful with a change to how it handles rights. Today, this block ONLY lets you edit attributes it exposes if you have Administrate rights, which makes sense because it (normally) is only used to edit Global Attributes and only Rock Admin role has Administrate rights to it.

But imagine you need to build a page where someone else (some  other role) needs to edit only specific Global Attributes... there many reasons you might want to do this. So you plop the Attributes block on a new page, tell it to display a specific category, and configure the page/block to allow your special role Edit rights. If you do that, and access the page as someone in the role (but not a Rock admin), you will see

This is because the block is hard-coded to only allow Editing if you have Administrate rights. However, the problem with giving Administrate rights to your special role is that THAT would allow them to... delete the attributes, edit the attribute properties, and even add NEW global attributes! Clearly not what you want to grant to a non-Rock Admin.

The Solution

This idea proposes that the Attributes block be changed to evaluate rights in the following way:

  1. If the user accessing the block has Administrate Rights, same behavior as today... you can do anything you want with the attributes the block is exposing.
  2. If the user does NOT have Administrate rights, evaluate if they have Edit rights to any attributes in the Category being exposed and let them ONLY edit those attribute values.

This would greatly increase the utility of this block when you're needing to give a non-Admin rights to edit specific Global Attributes.

Photo of Jim Michael Submitted by Jim Michael, The Crossing  ·   ·  CMS
Login to add a comment...