Contrib.social

Deleting profile type with already assigned permissions breaks permissions manage form

Open on Drupal.org →
Created on 29 March 2023, about 2 years ago
Updated 16 May 2023, almost 2 years ago

Problem/Motivation

When you delete a profile type that has permissions assigned to any role (other than admin), it does not remove the role's permissions, which throws a critical error on any attempt to update any other permissions.

RuntimeException: Adding non-existent permissions to a role is not allowed. The incorrect permissions are "create client profile", "update own client profile", "view own client profile". in Drupal\user\Entity\Role->calculateDependencies() (line 200 of core/modules/user/src/Entity/Role.php).

Drupal\Core\Config\Entity\ConfigEntityBase->preSave() (Line: 179)
Drupal\user\Entity\Role->preSave() (Line: 528)
Drupal\Core\Entity\EntityStorageBase->doPreSave() (Line: 483)
Drupal\Core\Entity\EntityStorageBase->save() (Line: 253)
Drupal\Core\Config\Entity\ConfigEntityStorage->save() (Line: 339)
Drupal\Core\Entity\EntityBase->save() (Line: 608)
Drupal\Core\Config\Entity\ConfigEntityBase->save() (Line: 977)
user_role_grant_permissions() (Line: 951)
user_role_change_permissions() (Line: 228)
Drupal\user\Form\UserPermissionsForm->submitForm()
call_user_func_array() (Line: 114)
Drupal\Core\Form\FormSubmitter->executeSubmitHandlers() (Line: 52)
Drupal\Core\Form\FormSubmitter->doSubmitForm() (Line: 595)
Drupal\Core\Form\FormBuilder->processForm() (Line: 323)
Drupal\Core\Form\FormBuilder->buildForm() (Line: 222)
Drupal\Core\Form\FormBuilder->getForm() (Line: 66)
Drupal\fpa\FpaFormBuilder::buildFpaPage() (Line: 24)
Drupal\fpa\Controller\FPAController->permissionsList()
call_user_func_array() (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 580)
Drupal\Core\Render\Renderer->executeInRenderContext() (Line: 121)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext() (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 163)
Symfony\Component\HttpKernel\HttpKernel->handleRaw() (Line: 74)
Symfony\Component\HttpKernel\HttpKernel->handle() (Line: 58)
Drupal\Core\StackMiddleware\Session->handle() (Line: 48)
Drupal\Core\StackMiddleware\KernelPreHandle->handle() (Line: 106)
Drupal\page_cache\StackMiddleware\PageCache->pass() (Line: 85)
Drupal\page_cache\StackMiddleware\PageCache->handle() (Line: 48)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle() (Line: 51)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle() (Line: 51)
Drupal\Core\StackMiddleware\StackedHttpKernel->handle() (Line: 686)
Drupal\Core\DrupalKernel->handle() (Line: 19)

Steps to reproduce

  1. Create a Profile Type
  2. Go to User > Permissions and assign any permission related to that profile type to any role (other than admin)
  3. Delete the profile type
  4. Go back to User > Permissions and attemp to update any other permission (or even just press "update" without doing any change)

Proposed resolution

It looks like that the permissions related to the profile type are missing dependencies.

Look for example at this role configuration (simplified), the profile type "client" has already been removed but its permissions remain. I have left the permissions of Node Article bundle to make a comparison. The permissions 'delete own article content' and 'edit own article content' have the dependecy node.type.article

langcode: es
status: true
dependencies:
  config:
    - node.type.article
  module:
    - node
    - profile
id: authenticated
label: 'Usuario autenticado'
weight: 1
is_admin: false
permissions:
  - 'create client profile'
  - 'update own client profile'
  - 'view own client profile'
  - 'delete own article content'
  - 'edit own article content'

Using Node module as example, you may also want to take a look how it handles permissions at NodePermissions.php using the method generatePermissions() from the trait BundlePermissionsHandlerTrait.php.

My guess is that the best approach will be replacing the current Profile entity permission provider handler ( Drupal\entity\UncacheableEntityPermissionProvider) with a custom class that extends from it and also implements the BundlePermissionHandlerTrait.

Workaround

For anyone that is facing this issue, if you have Devel module installed, you can use its config editor to edit the corresponding user role(s) that have those permissions assigned and just remove them or you can also use "drush config:edit user.role.[YOUR_ROLE]" command to remove them.

🐛 Bug report
Status

Active

Version

1.0

Component

Code

Created by

🇪🇸Spain lordgretix

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @lordgretix
  • Comment almost 2 years ago
    🇮🇹Italy kopeboy Milan

    Crashed into this as well today. Thank you for posting the issue AND the workaround! Let me point out that we can't even uninstall the Profile module without fixing the permissions.. Because of this and because of broken permissions on a user-related module (crucial feature), I would even bump this to Major priority.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024