Re-evaluate administrators and owners special handling

Created on 10 July 2018, over 6 years ago

Updated 19 April 2023, almost 2 years ago

Problem/Motivation

We currently have some special handling for administrators and owners:

    // Administrators don't need to go through all this.
    if ($account->hasPermission('administer media')) {
      return AccessResult::allowed()
        ->cachePerPermissions()
        ->addCacheableDependency($entity);
    }

    // The owner can always view their own entities.
    $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
    if ($is_owner) {
      return AccessResult::allowed();
    }

which simplifies a bit our logic so we don't need to bother with some of the edge cases that may be present when those assumptions are not true.

However, that might not fit 100% with all use cases.

Proposed resolution

This issue aims to discuss and explore whether the "added complexity" of eliminating those assumptions is something worth pursuing in this module, and how to best change the code if we eventually decide to eliminate them.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task

Status

Active

Version

2.0

Component

Code

Created by

🇪🇸Spain marcoscano Barcelona, Spain

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇩🇪Germany Anybody Porta Westfalica
A possible workaround for this might be to add and check a view / edit / delete own permission or putting the selection into a setting so the user can choose, if the behavior should be disabled... Still not sure, what's the best way...

Also see #2927277: Add a "View own unpublished media entity" permission → and as general solution, which should also solve this case by having a lot more standard-permissions: 📌 Introduce entity permission providers Needs work (this one should be pushed forward in general I think!)
Comment almost 2 years ago →
🇩🇪Germany Anybody Porta Westfalica

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024