Possible to give permissions per property?

[adamski]

Would it be possible to give a permission, not just per resource but also per property? I.e. so a user can be limited to only seeing certain properties of a given resource, or only able to edit certain properties and view others.

Happy to fork and implement myself just would like to see how feasible it would be. Thanks.

[mainul098]

I also want to use this kind of feature but unfortunately don't find it in the current implementation. This would be a great feature if it can be implemented. Is there any way to implement this?

[fyockm]

I also have a need to restrict certain fields to be edited only by particular roles. Is there another module that could be used in conjunction with this to achieve that requirement? Or is it easier to modify this?

[manast]

Without having giving a lot of thought to this all I can say is that in the way ACL is designed it really doesn't care about javascript objects, so implementing something like this may not be possible...

[smilledge]

Maybe this could be done by adding the field to the permission, something like:

// "bob" is an editor and "joe" is the author
acl.addUserRoles('bob', 'editor');
acl.addUserRoles('joe', 'author');

// Editor has edit permission on all fields
acl.allow('editor', 'articles', ['edit:*']);

// Authors can only edit the article title, body and tags
acl.allow('author', 'articles', ['edit:title', 'edit:body', 'edit:tags']);

This would require changing the way permission wildcards work so that the following would work as expected.

acl.isAllowed('joe', 'articles', 'edit'); // true
acl.isAllowed('joe', 'articles', 'edit:published'); // true
acl.isAllowed('bob', 'articles', 'edit:published'); // false
acl.isAllowed('bob', 'articles', 'edit'); // ?

I have not tried this so it might not work too well in practice, just a thought.