Contrib.social

Allow disabling fields via a permission

Open on Drupal.org →
Created on 19 June 2021, over 3 years ago
Updated 24 September 2024, 4 months ago

Motivation

When using this module, I ran into some issues with the configuration:

  • When disabling access to fields, access was also restricted for the super admin (user 1). This is the case for both the "Disable for all users" and the "Disable for certain roles" (with all roles selected) options.
  • When configuring the site, a lot of fields where restricted in exactly the same way. If the client wants us to modify access in the future, all of these fields will have to be re-configured manually.

Proposed resolution

Provide an option for users to restrict the field access via a permission. This has the following features/advantages:

  • Access checks are managed by Drupal, allowing for the usual niceties such as automatically granting access to the super admin (user 1)
  • Access is managed via a single permission, allowing site maintainers to grant/revoke access quickly/easily. The downside to this is that there's only one permission, managing access to all fields that are configured to restrict access via said permission.

The attached patch provides such an option.

Feature request
Status

Needs review

Version

2.0

Component

Code

Created by

🇧🇪Belgium nick dewitte

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 4 months ago
    sheetal.pathak

    Hi,

    Reviewed this issue ,MR 1 applies cleanly.
    This resolves issue mentioned in #3 that "Drupal's philosophy that the administrator role should have access to everything".

    Drupal version 9
    Disabled field version 8.x-2.x-dev
    Steps to reproduce were not clear so adding it here

    1. Install Drupal and mentioned module version, and enable it.
    2. Create a role with limited access , here I have created Editor role.
    3. Create a content type with some with field, you will find option to Disable field settings.
    4. Select Disable for certain roles and select all roles for reproducing issue at first.
    5. Add content and check filed is disabled for admin and editor role(with limited access).
    6. Apply Patch 1 and check same field is now enabled for Admin role.
    Adding before and after screenshot for Editor and admin roles.

    Hence patch works correctly.

    RTBC +

  • Comment 4 days ago
    🇫🇮Finland mlahde

    I tried the patch, but it seems to do nothing in the 3.x code branch. When I briefly visited the current code, it has changed a lot and this is the only actual permission check done in the module:

    public function addDisableFieldConfigFormToEntityForm(array &$form, FormStateInterface $form_state, string $form_id): void {
    if (!$this->currentUser->hasPermission('administer disable field settings')) {
      return;
    }

    i.e. it check only if the user may administer disable field settings. There still some role based checks, related to disable_field settings

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024