Say, I give a user Edit authority for him to manage a Forums module. If he clicks Module Settings there's also a button at the bottom that erases the entire module. This deletion leaves no trace in the Content Manager, so I can't restore it. This means any forum administrator could nuke months of user content in just three clicks.
Is there a way to selectively hide the Delete button from the Module Settings page?
Edit: Alternatively, it would be nice if Module Settings did delete the module, but left it in Content Manager. That way, it could be easily restored or deleted by the site administrator.
I found this kinda can be done by forbidding roles from using Module Settings by going to Administration | Roles NOT allowed to edit feature instance settings.
Roles added to this list lose access to every Module Settings of every feature in the site. It works for my case, but I'd prefer more granularity.
If a user removes a module from the page (PageLayout.aspx) it is not really deleted and can easily be restored to the page, so this is like our trash can feature making it possible to recover the content if it was removed from the page.
There are only 2 places where a module can be really deleted, one is the ModuleSettings.aspx page and the other is in the Content Manager > Publish/Delete page.
In addition to the "Roles NOT Allowed to edit feature instance settings", there is a setting you can add to user.config to hide the delete button in module settings from users who are not Administrators or Content Administrators:
<add key="HideModuleSettingsDeleteButtonFromNonAdmins" value="true" />
Hope that helps,
Thanks. After rethinking security using the available options, it can do what I wanted.
I'm starting to like the simplified security model, it fits well with the rest of MojoPortal. I've used DotNetNuke before, its security is more granular but can become cumbersome.