Should Admin Modules be Accessible by Default?

mattcdavis1 - 3 weeks ago

It's seems like this is the case and if so it seems backwards. If i create a role that has access to cpanel a user should only be able to see modules that i have checked as viewable. There should be a default permission for all modules of "Can Access". Even some modules that do have permissions allow partial visibility even with nothing checked (for example, grid and variables).

Is my understanding correct that by default if you create a module any user with cpanel access can view it?

ryanthompson - 3 weeks ago

That's correct (PS partial visibility should be fixed..). By default anyone with control panel access - has access to a module IF it doesn't define any permissions.

Main reasoning behind this is majority and the amount of work for majority needs. I've found permissions are not nearly as common as needing an addon created in general. Least effort and capturing the most requirements for the most implementations (of a custom addon in this context usually) is my goal. Requiring permissions and automating / defaulting that is kinda eh IMO.

I could see a default "can access this module" permission perhaps but that's assumed by "does this person have ANY permissions for this addon" (or not).

Does that make sense?

mattcdavis1 - 3 weeks ago

I think that if module has no permissions defined there should definitely be a single default permission of "Can Access." Beyond that i think it makes sense that if there are checkboxes provided by the module and none are checked that should resolve to no access at all.

I think part of the confusion for me was the partial visibility that i was seeing both on the modules i mentioned and also on some of my custom modules. Is there a github issue for this? If not i'll create one.

ryanthompson - 3 weeks ago

There is not - please spin one up if you could. Again I'd like to keep it as sensibly defaulted with no work required as possible. Maybe post this around to get some input.

IF a non-admin can access CP.. can they access addons with on permissions defined by default. If not. We need a default "can" access permission! Lights of first approach. I'll ask my team too - Im curious as their thought as managers.

mattcdavis1 - 3 weeks ago

ok - one other question. Are streams module permissions working on your end? i created a user with access to only 1 module that i created but the user is able to read / create / update streams via the streams module.

ryanthompson - 3 weeks ago

Streams.. I can't recall it might not have permissions setup. I have a big update for that addon almost ready and one of the things was more permissions / granular control.

piterden - 3 weeks ago

Maybe we could have a setting for fast disallowing of all permissions of each module?

piterden - 3 weeks ago

But it again implies using of different contexts