Perhaps this obviates the question, but I just now checked out the news module from the OACS HEAD and removed all custom privileges, which is what I think we agreed to do at some point.
I then mapped the privileges as follows:
news_read -> read
news_create -> create
news_delete -> delete
news_admin -> admin
The main disadvantage of removing the custom permissions is that if, say, you want to grant someone news admin permission, you need to grant them the "admin" privilege at the news instance-level. There is no way of granting someone site-wide "news admin" permission, unless you grant them site-wide "admin" permission, which is probably not what you want.
But, this won't be an issue for most sites, and is probably outweighed by the benefit of simplifying and uncluttering our permissions namespace.
Questions:
- Is this ok?
- Is now a good time to commit my changes back to the HEAD?
- Do I need to write an upgrade script, and if so, do we have any similar examples of this?
- Also, regarding the upgrade script, how do we handle cases like users who were granted site-wide news_admin privileges? We obviously wouldn't want to convert all "news_admin" permission grants to "admin".
Thanks...
