- Status changed to Needs work
over 1 year ago 6:40pm 1 March 2023 - 🇨🇦Canada joseph.olstad
please review to see if we need to backport this to 2.0.x, I believe we do
At the moment the action specific permissions (i.e. moderated content bulk draft) are access checked inside the execute method of the action plugin, and it doesn't seem like the correct place to do it, since we already have an access method in the plugin interface.
This causes notification messages which are dubious:
Also it seems like we're missing out on functionality that comes from
views_bulk_operations →
, in regards to access checks if ViewsBulkOperationsBulkForm view field is used, instead of NodeBulkForm view field.
Try to use one of the action operations the module provides, with a user that doesn't have a permission for that action.
Move the permission as an annotation of the plugins.
Move the code that checks the permission access to the RevisionActionBase. The check will get the permission name from the plugin definition.
This should have the following effects:
The Actions are based on ViewsBulkOperationsActionBase from the views_bulk_operations module.
In it's documentation →
it says that when annotating a ViewsBulkOperationsActionBase action plugin, you can set a _permission property, which ViewsBulkOperationsBulkForm uses for it's access checks.
Needs work
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
please review to see if we need to backport this to 2.0.x, I believe we do