- 🇺🇸United States j.cowher
Patch #4 doesn't take into account removals.
Example:
$a = [1, 2, 3]; $b = [1, 2, 3, 4];array_diff($a, $b);in this example would return an empty array and the rebuild would not run.Attaching a new patch that was inspired by #4.
- Status changed to Needs review
over 1 year ago 8:05pm 1 February 2023 - 🇺🇸United States j.cowher
Changing the status of this issue to "Needs Review" due to the fact that there are a few different approaches identified by the community. #15 and #4 can be applied via Composer patches, but #12 is more in-depth. Are there any intentions of merging #12 into a future release?
- 🇮🇳India sudesh.solaskar mumbai
#12 MR fails in following scenario -
1. Create a dummy user.
2. Edit the newly created user and assign a term to it (Make sure this user does not have any term assigned prior to this).
3. save the form and you will get the error.TypeError: array_diff(): Argument #1 ($array) must be of type array, null given in array_diff() (line 311 of modules/contrib/permissions_by_term/permissions_by_term.module).
- Status changed to Needs work
over 1 year ago 12:50pm 23 March 2023 - First commit to issue fork.
- Status changed to Needs review
over 1 year ago 5:56am 12 June 2023 - First commit to issue fork.
-
marcoliver →
committed 62da3033 on 3.1.x-dev authored by
Nigel Cunningham →
Issue #3170389 by Nigel Cunningham, j.cowher, rajneeshb, marcoliver,...
-
marcoliver →
committed 62da3033 on 3.1.x-dev authored by
Nigel Cunningham →
- Status changed to Fixed
about 1 year ago 7:58am 30 August 2023 - 🇩🇪Germany marcoliver Neuss, NRW, Germany
I just merged the MR. Will probably put out a new release by tomorrow.
Thanks everybody!
Automatically closed - issue fixed for 2 weeks with no activity.
- Status changed to Fixed
about 1 year ago 12:57pm 13 September 2023 Hi.
Isn't this wrong?
If I understand well, what was committed is checking for a difference of the "allowed terms" field in the user form before rebuilding content access.
But doesn't this module work the other way around too? With a "roles allowed" in the term form?
If that's the case, by restricting the checking of difference in the user form to terms for performance reasons, isn't a security issue introduced?
If I change the roles of a user, shouldn't content access be rebuilt to match the roles eventually assigned to terms?- 🇩🇪Germany marcoliver Neuss, NRW, Germany
Hi pbouchereau,
thanks for your message! I tried reproducing the scenario you outlined, but wasn't able to create a problem.
When a user's directly assigned term-associations are changed, permissions_by_term_user_form_submit updates these associations and rebuilds node access.
When I change, which roles/users have permission to access a term, permissions_by_term_submit is triggered and also rebuilds node access if necessary.
Can you please elaborate on where you see the potential problem?
Hi,
Thanks for the fast reply.
I actually had this mixed up in my head. The issue I was facing was solely due to the customer's configuration.
Sorry for bothering you, I'll check thrice before posting next time.
Have a nice day.- 🇩🇪Germany marcoliver Neuss, NRW, Germany
Hey, no problem at all! Thanks for voicing your concerns!