- πͺπΈSpain fjgarlin
Note that we might run into this issue when running the tests: https://github.com/mglaman/phpstan-drupal/issues/527
I ran into it when trying to use the new method.The new code does work in Drupal, but it wouldn't pass CI validation.
Once it's fixed then everything is good but I thought I'd mention it just in case.
- π«π·France andypost
Better title and updated summary
As measurements in #3274867-39: Add TrustedCallback attribute β and comment #40 showing we can deprecate interface as well
Filed CR https://www.drupal.org/node/3355686 β but probably we can improve existing one https://www.drupal.org/node/3349470 β
- Status changed to Needs review
over 1 year ago 7:14pm 21 April 2023 - last update
over 1 year ago Custom Commands Failed - π«π·France andypost
There's extra interface and API around render elements
RenderCallbackInterface
Moreover phpstan has check for the interface and will fail test
- Status changed to Needs work
over 1 year ago 1:14am 22 April 2023 - π«π·France andypost
phpstan needs improvement first
Line core/lib/Drupal/Core/Access/RouteProcessorCsrf.php ------ ---------------------------------------------------------------------- 52 #lazy_builder callback class 'Drupal\Core\Access\RouteProcessorCsrf' at key '0' does not implement Drupal\Core\Security\TrustedCallbackInterface. π‘ Change record: https://www.drupal.org/node/2966725.
- πΊπΈUnited States mglaman WI, USA
phpstan-drupal issue: https://github.com/mglaman/phpstan-drupal/issues/527
I'm working on support in this PR https://github.com/mglaman/phpstan-drupal/pull/529
PHPStan doesn't have an API for reading attributes from its reflection API yet. Or at least I cannot find it. So it's going to require a bit of work and refactor of the existing rule. This is needed anyway to handle
date_time_callbacks
anddate_date_callbacks
requiring this anyway. - πΊπΈUnited States fathershawn New York
The phpstan work referenced in #7 has been merged and closed.
- π«π·France andypost
Locally it still fails
Running PHPStan on changed files. ------ --------------------------------------------------------------------------------------------------------------------------------- Line lib/Drupal/Core/Security/DoTrustedCallbackTrait.php (in context of class Drupal\Tests\Core\Security\DoTrustedCallbackTraitTest) ------ --------------------------------------------------------------------------------------------------------------------------------- 75 Call to deprecated method trustedCallbacks() of class Drupal\Core\Security\TrustedCallbackInterface: in drupal:10.1.0 and is removed from drupal:11.0.0. Instead, you should use \Drupal\Core\Security\Attribute\TrustedCallback attribute for the method. ------ --------------------------------------------------------------------------------------------------------------------------------- ------ ------------------------------------------------------------------------------------------------------------------------------------- Line tests/Drupal/Tests/Core/Render/RendererTest.php ------ ------------------------------------------------------------------------------------------------------------------------------------- 623 #access_callback callback class 'Drupal\\Tests\\Coreβ¦' at key '0' does not implement Drupal\Core\Security\TrustedCallbackInterface. π‘ Change record: https://www.drupal.org/node/2966725. 623 #access_callback callback class 'Drupal\\Tests\\Coreβ¦' at key '0' does not implement Drupal\Core\Security\TrustedCallbackInterface. π‘ Change record: https://www.drupal.org/node/2966725. 623 #access_callback callback class 'Drupal\\Tests\\Coreβ¦' at key '0' does not implement Drupal\Core\Security\TrustedCallbackInterface. π‘ Change record: https://www.drupal.org/node/2966725. 623 #access_callback callback class 'Drupal\\Tests\\Coreβ¦' at key '0' does not implement Drupal\Core\Security\TrustedCallbackInterface. π‘ Change record: https://www.drupal.org/node/2966725. ------ -------------------------------------------------------------------------------------------------------------------------------------
- last update
12 months ago Custom Commands Failed - @andypost opened merge request.
- last update
12 months ago 30,373 pass, 3 fail - Status changed to Needs review
12 months ago 1:05pm 6 October 2023 - π«π·France andypost
@mglaman still reported https://git.drupalcode.org/issue/drupal-3354584/-/pipelines/27567/codequ...
Added workaround to MR to simplify testing
- last update
12 months ago 30,375 pass, 1 fail - last update
12 months ago 30,375 pass, 1 fail - π«π·France andypost
One test still fails
\Drupal\KernelTests\Core\DependencyInjection\AutowireTest
looks like it needs fixes as this services has no interface anymore - π«π·France andypost
The failed test looks like has wrong expectations, specifically looking at
'Drupal\Core\Security\TrustedCallbackInterface' => 'announcements_feed.lazy_builders'
the whole test from https://git.drupalcode.org/issue/drupal-3354584/-/jobs/149954
Fail Other phpunit-328.xml 0 Drupal\KernelTests\Core\DependencyI PHPUnit Test failed to complete; Error: PHPUnit 9.6.8 by Sebastian Bergmann and contributors. Testing Drupal\KernelTests\Core\DependencyInjection\AutowireTest .F 2 / 2 (100%) Time: 00:01.762, Memory: 4.00 MB There was 1 failure: 1) Drupal\KernelTests\Core\DependencyInjection\AutowireTest::testCoreServiceAliases Failed asserting that two arrays are identical. --- Expected +++ Actual @@ @@ 'Drupal\user\UserDataInterface' => 'user.data' 'Drupal\user\UserAuthInterface' => 'user.auth' 'Drupal\user\PermissionHandlerInterface' => 'user.permissions' - 'Drupal\user\ToolbarLinkBuilder' => 'user.toolbar_link_builder' 'Drupal\user\UserFloodControlInterface' => 'user.flood_control' 'Drupal\user\ModulePermissionsLinkHelper' => 'user.module_permissions_link_helper' 'Drupal\update\UpdateManagerInterface' => 'update.manager' @@ @@ 'Drupal\system\SecurityAdvisories\SecurityAdvisoriesFetcher' => 'system.sa_fetcher' 'Drupal\system\ModuleAdminLinksHelper' => 'system.module_admin_links_helper' 'Drupal\statistics\StatisticsStorageInterface' => 'statistics.storage.node' - 'Drupal\shortcut\ShortcutLazyBuilders' => 'shortcut.lazy_builders' 'Drupal\serialization\EntityResolver\ChainEntityResolverInterface' => 'serializer.entity_resolver' 'Drupal\search\SearchPageRepositoryInterface' => 'search.search_page_repository' 'Drupal\search\SearchIndexInterface' => 'search.index' @@ @@ 'Drupal\file\FileRepositoryInterface' => 'file.repository' 'Drupal\file\Validation\RecursiveValidatorFactory' => 'file.recursive_validator_factory' 'Drupal\file\Validation\FileValidatorInterface' => 'file.validator' - 'Drupal\editor\Element' => 'element.editor' 'Drupal\content_translation\FieldTranslationSynchronizerInterface' => 'content_translation.synchronizer' 'Drupal\content_translation\ContentTranslationManagerInterface' => 'content_translation.manager' 'Drupal\content_translation\BundleTranslationSettingsInterface' => 'content_translation.manager' @@ @@ 'Drupal\config_translation\ConfigMapperManagerInterface' => 'plugin.manager.config_translation.mapper' 'Drupal\comment\CommentManagerInterface' => 'comment.manager' 'Drupal\comment\CommentStatisticsInterface' => 'comment.statistics' - 'Drupal\comment\CommentLazyBuilders' => 'comment.lazy_builders' 'Drupal\comment\CommentLinkBuilderInterface' => 'comment.link_builder' 'Drupal\ckeditor5\Plugin\CKEditor5PluginManagerInterface' => 'plugin.manager.ckeditor5.plugin' 'Drupal\ckeditor5\SmartDefaultSettings' => 'ckeditor5.smart_default_settings' @@ @@ 'Drupal\big_pipe\Render\BigPipe' => 'big_pipe' 'Drupal\ban\BanIpManagerInterface' => 'ban.ip_manager' 'Drupal\announcements_feed\AnnounceFetcher' => 'announcements_feed.fetcher' - 'Drupal\Core\Security\TrustedCallbackInterface' => 'announcements_feed.lazy_builders' 'Drupal\Core\Cache\VariationCacheFactoryInterface' => 'variation_cache_factory' 'Drupal\Core\Cache\Context\CacheContextsManager' => 'cache_contexts_manager' 'Drupal\Core\Cache\CacheTagsChecksumInterface' => 'cache_tags.invalidator.checksum' /builds/issue/drupal-3354584/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/issue/drupal-3354584/vendor/phpunit/phpunit/src/Framework/Constraint/IsIdentical.php:79 /builds/issue/drupal-3354584/core/tests/Drupal/KernelTests/Core/DependencyInjection/AutowireTest.php:113 /builds/issue/drupal-3354584/vendor/phpunit/phpunit/src/Framework/TestResult.php:728 FAILURES! Tests: 2, Assertions: 5, Failures: 1.
- last update
12 months ago 30,377 pass - π«π·France andypost
This services need aliases so added, maybe it makes sense to add condition for
TrustedCallbackInterface
to expectation, so services implementing this interface also will require aliasing - π«π·France andypost
Used to split out follow-up π Improve AutowireTest to ignore TrustedCallbackInterface Needs review
- π¨πSwitzerland berdir Switzerland
One thing I'm wondering here is how this works with inheritance. The method also worked if you have a subclass and override the callback there. I just verified that this doesn't work with attributes: https://3v4l.org/42bu0
Apparently this isn't something that happens with core, but especially views uses this a lot on all many plugin base classes, so there's definitely a non-zero chance that contrib/custom code has changed them? Would we need a BC layer that explicitly checks parent classes implementation?
- π«π·France andypost
Thanks, good point, maybe we should keep interface usage but check for attribute before BC
- πΊπΈUnited States fathershawn New York
Created https://github.com/mglaman/phpstan-drupal/issues/611 to request a phpstan rule that checks the parent method. If we are going to deprecate the interface we need something.
- πΊπΈUnited States fathershawn New York
I don't have much hands on experience with the PHP Reflection library - is is possible to recurse up the inheritance chain?
Or could we simply allow overrides to fail if the extending class fails to add the attribute just like we have failures if either the trustedCallbacks method either fails to be implemented for new callbacks, or is implemented but fails to call the parent method to initiate the list.
- π¨πSwitzerland berdir Switzerland
The problem is that the current patch would immediately fail on a minor release, it wouldn't be a deprecation.
But yes, if we either keep the interface and method for now but check the attribute first, which we should anyway now for performance reasons or check the hierarchy at least for BC then that would work.
- πΊπΈUnited States fathershawn New York
Thanks for clarifying @Berdir - yes we should deprecate but retain the interface and remove it in 11.x
- last update
12 months ago 30,368 pass, 2 fail - last update
12 months ago 30,368 pass, 2 fail - π«π·France andypost
Moved condition to make check for attribute a priority
- last update
12 months ago 30,393 pass - Status changed to Needs work
12 months ago 4:51pm 11 October 2023 - π«π·France andypost
\Drupal\Core\Render\Renderer::doCallback()
and\Drupal\Core\Render\Element\RenderCallbackInterface
needs work to remove mentionsmaybe makes sense to introduce
RenderCallback
attribute at the same time - last update
12 months ago 30,414 pass - π«π·France andypost
Rebased on 11.x as fixed π Improve AutowireTest to ignore TrustedCallbackInterface Needs review
- Status changed to Needs review
12 months ago 9:55am 17 October 2023 - π«π·France andypost
Needs review for #24 and related context π Introduce CallableResolver to help standardise the DX and error handling for callbacks across various subsystems Fixed
- πΊπΈUnited States fathershawn New York
maybe makes sense to introduce RenderCallback attribute at the same time
Could we not also refactor uses of RenderCallback to use
#[TrustedCallback]
? Is there some separation of concerns here that warrants two attributes? - π«π·France andypost
@FatherShawn interesting, sadly they are coupled but maybe we need more cuts for that
split it
- priority of attribute before interface check (possible for 10.2)
- separation ofRenderCallbackInterface
fromTrustedCallbackInterface
- the deprecation - π¬π§United Kingdom longwave UK
Re #17 do we need additional test coverage for the inherited case?
- Status changed to Needs work
11 months ago 11:03am 29 October 2023 The Needs Review Queue Bot β tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".
This does not mean that the patch needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide β to find step-by-step guides for working with issues.