Add a new permission for 'Field list' report

Created on 7 January 2018, almost 7 years ago
Updated 15 April 2024, 8 months ago

Problem/Motivation

In order to view the 'Field list' report, a user must have the 'Administer content types' permission. This doesn't really make sense because fields can be on any type of entity. It would make more sense to have a separate permission for this report.

Steps to reproduce

  1. Create a role with 'View site reports' permissions
  2. Confirm the user cannot access the field list at /admin/reports/fields
  3. Add the 'Administer content types' permission
  4. Confirm the user can now access the report

Proposed resolution

Create a new report for the 'Field list' report, and add an update so that existing roles with 'Administer content types' are granted this permission, to avoid unexpected changes on existing site.

Remaining tasks

  1. Create MR
  2. Review
  3. Commit

Release notes snippet

✨ Feature request
Status

Needs work

Version

11.0 πŸ”₯

Component
Field UIΒ  β†’

Last updated 6 days ago

Created by

πŸ‡·πŸ‡ΊRussia Chi

Live updates comments and jobs are added and updated live.
  • Needs change record

    A change record needs to be drafted before an issue is committed. Note: Change records used to be called change notifications.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡¦πŸ‡ΊAustralia pameeela

    Confirmed in 11.x, updated IS to be a bit more clear.

  • πŸ‡¦πŸ‡ΊAustralia pameeela
  • πŸ‡¦πŸ‡ΊAustralia pameeela

    Updated IS with the simple solution to just use a different permission. I can't say I use this report very often so not sure that it needs the most robust option :)

  • πŸ‡¦πŸ‡ΊAustralia pameeela
  • πŸ‡¦πŸ‡ΊAustralia pameeela
  • Merge request !7460Use different permission β†’ (Open) created by pameeela
  • Status changed to Needs review 9 months ago
  • πŸ‡¦πŸ‡ΊAustralia pameeela

    Updated to use 'View site reports' permission. Couldn't see any tests for this to update, please don't say it needs one :)

  • Pipeline finished with Failed
    9 months ago
    Total: 993s
    #144345
  • πŸ‡¦πŸ‡ΊAustralia pameeela

    Made a follow up to remove it. πŸ“Œ Consider removing the 'Field list' reports Active

  • πŸ‡¦πŸ‡ΊAustralia pameeela

    So there was a test of the page itself, which failed because the test user was only granted specific permissions. Anyway good news that there sort of already is a test that failed. Updated, should be green now.

  • Pipeline finished with Success
    9 months ago
    Total: 963s
    #144371
  • Status changed to Needs work 9 months ago
  • πŸ‡¦πŸ‡ΊAustralia pameeela

    Moving this to needs work so I can figure out how this permission change would affect existing sites. I assumed that anyone who used this report already had 'view site reports' but the test indicates otherwise.

  • Status changed to Needs review 9 months ago
  • πŸ‡¦πŸ‡ΊAustralia pameeela

    Back to needs review, I think the choices are either:

    1. Commit as a simple permissions change, noting that it would affect existing sites. I think the impact is mitigated by the fact that someone who didn't have view reports access would be unlikely to know about the report since they would not have the reports page in the toolbar.
    2. Create a new permission for this report and add it for users who previously had 'Administer content types'
    3. Won't fix?
  • πŸ‡ΊπŸ‡ΈUnited States dww

    I think for minimum disruption we would add a new perm, an update hook that adds it to roles with the existing one, etc.

    I could imagine sites that want to give out β€˜view site reports’ to roles for whom a complete list of all entity types and fields would be inappropriate, overwhelming, etc.

    This page probably wants to live under Structure, not Reports, anyway, but that’s for another issue. πŸ˜… It does seem like a useful report to get a sense of the IA of a site, especially if you didn’t build it yourself.

    Not sure what to recommend here. πŸ™ƒ I completely defer to the committers for a way forward.

  • Status changed to Needs work 8 months ago
  • πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Not a core committer but I agree with @dww in #22 about adding a new permission to avoid disruption. Can image this route there being confusion about this link randomly appearing for users.

  • πŸ‡¦πŸ‡ΊAustralia pameeela

    I have been thinking about this and I really don't think it's a bug. It was built this way intentionally and I don't think it's broken, but it could be improved. So I've updated it to a feature request.

    No one besides the OP has ever raised this, and although several people have noted the report's utility, none have noted any concerns with the current permission setup. This isn't that surprising because the report is really only useful to site admins who are reviewing the sites content model.

Production build 0.71.5 2024