Verified should not be removed as a managed role

Created on 12 January 2023, almost 2 years ago
Updated 1 March 2023, over 1 year ago

Problem/Motivation

Maybe I'm missing something, but when I replace a role's 'manage users' permission with this module's permissions, they are unable to edit 'regular' users that do not have any roles beyond the regular 'verified' role. Inspecting the settings form, I notice the verified role being explicitly removed from the list of roles. Although obviously it makes no sense to 'assign' the verified role, editing and viewing users with that role still makes perfect sense.

Steps to reproduce

  • Create a role, e.g. 'usermanager'
  • Create a role to manage, e.g. 'moderator'
  • Set the moderator role to 'allowed' in this module's settings
  • Assign the usermanager the assign, edit and view allowed roles
  • Create several users; at least one of each with the above roles, and at least one without any roles
  • Log in with the usermanager
  • Go to the people overview
  • Observe that this user cannot see any of the users without any roles

Although this fits the permissions set, I think it does not make sense to rule out users without any roles like this; it severely limits the use cases this module applies to.

Proposed resolution

Do not filter out the verified permission in the settings form. Optionally, filter out the 'assign verified' permission where it makes sense, although that could be a follow-up issue as well.

Remaining tasks

  • Agree this is a problem
  • Create a fix
  • ...

User interface changes

Verified role can be selected in the settings form.

API changes

None.

Data model changes

None.

🐛 Bug report
Status

Postponed: needs info

Version

3.0

Component

Code

Created by

🇳🇱Netherlands eelkeblok


Comments & Activities


  • 🇬🇧United Kingdom adamps

    unable to edit 'regular' users that do not have any roles beyond the regular 'verified' role

    Where does this 'verified' role come from? I cannot see any sign of this special role in Drupal Core or in this module. So I guess it is specific to your site.

    I notice the verified role being explicitly removed from the list of roles

    The settings form filters out any roles with permission 'administer users' - see AccessManager::managedRoles(). I can't see any other code to filter out roles in this module.

    Observe that this user can not see any of the users without any roles

    Except these users do have the special 'verified' role??

    I believe this is working fine on my site, so I cannot reproduce.

  • 🇳🇱Netherlands eelkeblok

    🤦‍♂️ so sorry for the confusion, I mean the regular authenticated role (the translation in Dutch is more like verified, which is where my mistake originates, I think). I need to recheck, because if something is truly off, I would think that would have been apparent.

  • 🇬🇧United Kingdom adamps

    Ah that makes sense now.

    The authenticated role should not be visible in the settings form as it should always count as a safe role. The permission 'View users with allowed roles' should allow access to view authenticated users.
