[UX] Better Menu permissions

[ghost]

Similar to #382, I'd like to see better permissions for Menus. Drupal's Menu Admin per Menu module provides separate permissions for each menu, so something like this would be good.

[ghost]

Here's everything that MAPM does (based on this code):

1. Adds a new 'Administer [MENU] menu items' permission for each menu.
2. Changes access of:
   • 'admin/structure/menu' to anyone with any menu access
   • 'admin/structure/menu/manage/%', 'admin/structure/menu/manage/%/add', 'admin/structure/menu/item/%/edit', 'admin/structure/menu/item/%/reset' and 'admin/structure/menu/item/%/delete' to anyone with access to that menu
3. Edits 'admin/structure/menu' page if user doesn't have 'Administer menus and menu items' permission:
   • Hides menus the user doesn't have access to
   • Hides the 'Edit menu' link for each menu
4. Restricts 'Parent item' options (in Menu Settings on Node forms) to allowed menu items.
5. Restricts 'Parent link' options (on Edit Menu Link forms) to allowed menu items.

[jenlampton]

Yes please! I also want better UX for these new permissions. Can I pretty please have a vertical tab on the menu config form that adds the permissions for menus there? See related: #900 and #38

[jenlampton]

I'm running into limitations today with the menu permissions not being granular enough on backdropcms.org - and I'm porting Menu Admin per Menu. I would love to see a solution for this get into 1.4. It would pair nicely with all the other permissions work we achieved in 1.3 :)

[jenlampton]

I'm just gonna leave this right here...
https://github.com/backdrop-contrib/menu_admin_per_menu

[serundeputy]

Looks like we will not have time for this moving to 1.5.

[jenlampton]

Looks like we won't have time for this in 1.5 either, pushing back to 1.x-future.

[ghost]

It seems this issue is bigger than just wanting more granular control of menus. I just noticed that access to a node's "Menu Settings" vertical tab is controlled by the "Administer menus and menu items" permission. This means that to give an editor access to create/edit a node's menu item, they need access to the whole menu structure, including the Administration menu. Otherwise they simply can't create/edit menu items on the node form at all. That's not ideal, to the point I'm tempted to mark this as a bug report... Actually I think I will.

[jenlampton]

I do like the idea of adding a separation of permissions from "menus" and "menu items". But we will still need to give people who get access to manage menu items, access to each menu admin page (admin/structure/menu/manage/main-menu) so that they can adjust the order of menu items. So the Administer menus permission should maybe only apply to the menu settings page (admin/structure/menu/manage/main-menu/configure).

[olafgrabienski]

Yes, let's separate the permissions of menus and menu items! Quite important, in my opinion: Without Administer menus, a person shouldn't be able to delete a menu.

Do we want to leave more fine-grained control, e.g. permissions per menu, as described in #384 (comment) to the https://github.com/backdrop-contrib/menu_admin_per_menu module?

[jenlampton]

Do we want to leave more fine-grained control, e.g. permissions per menu

Maybe that's best left to contrib if we can get the separation of menus + menu items in core.

[klonos]

This can be even more problematic with the addition of things like #1285 and #1610 in core, so I think that we should aim to fix things in 1.18.0 if not sooner. Vanilla Backdrop installation use case:

1. Realise that editors should be able to edit the menu items of pages they create (for example they create a "Who we are" page, but want the menu item for it to be "About")
2. Go to permissions -> only permission is the "Administer menus and menu items" one -> grant that to the "Editor" role.
3. Now ALL content editors have access to edit/delete ALL menus and menu items; EVEN THE ADMIN MENU!! 😱

I think we should introduce a "Manage menu items in the %menu% menu" permission, that allows adding/deleting/editing/reordering menu items for that menu. What people with this permission will NOT be able to do is edit the menu name/description, nor delete the entire menu, nor export it as config, nor create new menus.

The "Administer menus and menu items" should become a "master" permission that allows any manipulation of any menu and its menu items (also future menus created). As such, the "Warning: Give to trusted roles only; this permission has security implications" description should be added to it.

PS: I've noticed that in D8/D9 this permission was moved under the System section 🤷

PPS:

Maybe that's best left to contrib if we can get the separation of menus + menu items in core.

I think what we should avoid over-complicating the permissions and the admin UI. So a thing that should be left for contrib is permissions to specific menu items, like the the following modules:

https://www.drupal.org/project/menu_item_visibility
https://www.drupal.org/project/menu_item_role_access
https://www.drupal.org/project/menu_per_role
https://www.drupal.org/project/custom_menu_perms
https://www.drupal.org/project/roles_for_menu

Also extremely fine-grained menu operation permissions like the following should be left to contrib:

https://www.drupal.org/project/simple_menu_permissions
https://www.drupal.org/project/custom_menu_perms

I do acknowledge though that there are quite a few contrib solutions out there trying to solve similar issues, so perhaps we should consolidate things as much as possible.

[klonos]

I had another look at the code of the 7.x branch of the MAPM module, and it's only about 180 lines of code. For the value that it provides (mainly the granular separation of permissions per menu), I think that it is worth incorporating its functionality in core.

I might take a crack at this.