Description of the need
When I see that a certain permission "has security implications", I wonder what those implications are, and how much they'll affect my site/users...
Proposed solution
I'd like to propose allowing developers to write an additional description for permissions that describe what the security implications are.
Alternatives that have been considered
Backdrop already has this ability, with the warning
key of hook_permission()
. However, it says:
This warning overrides the automatic warning generated by 'restrict access' being set to TRUE. This should rarely be used, since it is important for all permissions to have a clear, consistent security warning that is the same across the site.
Additional information
I therefore propose re-purposing this warning
key to allow providing an additional description. That way, the security warning (based on the restrict access
key) remains clear and consistent, but more information can be provided if/as necessary.
I've looked through all core implementations of hook_permission()
, and nowhere is this used. The only place that almost uses it is the Filter module, but it adds its own emphasised warning description, rather than utilising the dedicated 'warning' key.
Semi-related issue: https://github.com/backdrop/backdrop-issues/issues/3252
Draft of feature description for Press Release (1 paragraph at most)
Backdrop now displays permission warning descriptions separately to the default security warning message. This allows for more consistent messaging and the ability to better describe why certain permissions have security implications.
Recent comments
Hello, @yorkshirepudding! Thanks a lot, I got it, all sorted out.
My layout template (layout--blog.tpl.php) doesn't work
Hi @Gnome and welcome to Backdrop When I create custom layout templates I put them in /layouts/custom/my_layout Note: you can split modules and layouts between contrib and custom...
My layout template (layout--blog.tpl.php) doesn't work
This post explains how to do this in Drupal 7. In Backdrop, File Entity is already part of core. You will need to download and install module Views Field View. https://drupal.stackexchange...
I Need to Display an Image in a View that was Uploaded to a Webform