- Issue created by @tstoeckler
- 🇩🇪Germany tstoeckler Essen, Germany
So I was wondering how and where to document this and I found this in
entity.api.php
after the documentation of how to create a custom entity type and a bunch of the different handlers you can add (including the snippet about access handlers in the issue summary):Additional annotation properties can be seen on entity class examples such as
\Drupal\node\Entity\Node
(content) and\Drupal\user\Entity\Role
(configuration). These annotation properties are documented on\Drupal\Core\Entity\EntityType
.And while I don't think it's necessarily ideal to point people to
\Drupal\Core\Entity\EntityType
as that's not a particular well documented class in general, my vote would be to simply add some more elaborate documentation to the$adminPermission
property. Maybe something like the following:The name of the administrative permission.
This permission must be declared separately by the module providing the entity type. Users with the administrative permission by default are allowed to perform any operation (for example create, view, update or delete) on any entity of the type and are granted access to the overview (or collection) of the entities of that type, if one exists. If a custom access control handler is declared, access can be restricted even for users with this permission.
Since this came up in ✨ Allow entities to specify a "collection permission" Fixed and the lack of documentation was noted there, here's something similar I would add for the collection permission either there or here, whichever one lands later:
The name of the collection permission.
This permission must be declared separately by the module providing the entity type. Users with the collection permission by default are allowed to access the overview (or collection) of the entities of that type, if one exists. It does not grant access to any particular entities, but in combination with other permissions may allow to grant users, for example, access to view entities of this type in the overview, but not edit or delete them or only grant users access to manage certain entities from the overview, but not all of them. If a custom access control handler is declared, access can be restricted even further for users with this permission or further access can be granted.
- 🇩🇪Germany tstoeckler Essen, Germany
Updating issue summary now that ✨ Allow entities to specify a "collection permission" Fixed landed.
Also going ahead and adding my proposal as the proposed resolution and marking as Novice so someone can turn my suggestion into an actual patch. (Also minimally reworded my suggestion.)
- Status changed to Needs review
over 1 year ago 11:58am 17 July 2023 - last update
over 1 year ago Patch Failed to Apply - 🇮🇳India sidharth_soman Bangalore
Hi, it seems like the
\Drupal\Core\Entity\EntityType::$collection_permission
property isn't available in 10.1.x-dev. I've made the required changes in 11.x instead.Please review this patch.
- Status changed to Needs work
over 1 year ago 2:08pm 17 July 2023 - last update
over 1 year ago 29,815 pass - Status changed to Needs review
over 1 year ago 4:08pm 17 July 2023 - 🇩🇪Germany tstoeckler Essen, Germany
As noted, it should be run against 11.x
- Status changed to RTBC
over 1 year ago 4:58pm 17 July 2023 - last update
over 1 year ago Patch Failed to Apply - last update
over 1 year ago Patch Failed to Apply - last update
over 1 year ago Patch Failed to Apply - last update
over 1 year ago Patch Failed to Apply - last update
over 1 year ago Patch Failed to Apply - last update
over 1 year ago Patch Failed to Apply - last update
over 1 year ago Patch Failed to Apply - Status changed to Needs work
over 1 year ago 2:36am 4 August 2023 - 🇳🇿New Zealand quietone
Always like to see doc improvments!
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -72,6 +72,10 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * This permission must be declared separately by the module providing the entity type. @@ -79,6 +83,11 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * This permission must be declared separately by the module providing the entity type.
@sidharth_soman, all change to Drupal core are to meet the coding standards. Even though the line length is currently not test it should be followed. See Line length and wrapping → .
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -72,6 +72,10 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * This permission must be declared separately by the module providing the entity type. @@ -79,6 +83,11 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * This permission must be declared separately by the module providing the entity type.
The word 'separtely' seems wrong to be. I think it can be removed without losing any meaning.
I read the two new doc blocks and find both hard to follow. The contain long sentences with many phrases and 'ifs'. Surely this can be simpler for people with English as a first language (me) and people where English is not their first language.
-
- Status changed to Needs review
over 1 year ago 1:51pm 10 August 2023 - last update
over 1 year ago 29,958 pass - 🇮🇳India sourabhjain
I have resolved the issue mentioned in #8. Please review.
- Status changed to RTBC
over 1 year ago 6:33pm 21 August 2023 - last update
over 1 year ago 30,056 pass - last update
over 1 year ago 30,056 pass - last update
over 1 year ago 30,060 pass - last update
over 1 year ago 30,060 pass - last update
over 1 year ago 30,063 pass - last update
over 1 year ago 30,134 pass - Status changed to Needs work
over 1 year ago 2:04am 1 September 2023 - 🇳🇿New Zealand quietone
Thanks for the updates! Also, thanks for interpreting my poor typing. Reading the lastest patch with dreditor I can still see lines that are not wrapped to 80 columns. :-(
Now that I can read the text in the patch I also think it can be simplified a bit.
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -72,6 +72,14 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * If a custom access control handler is declared,
This will be easier to read with a blank line before this paragraph.
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -72,6 +72,14 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * If a custom access control handler is declared, + * access can be restricted even for users with this permission.
This is not wrapped correctly.
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -79,6 +87,18 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * If a custom access control handler is declared, access can be restricted + * even further for users with this permission or, alternatively, + * further access can be granted.
Same here, add an empty line.
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -79,6 +87,18 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * even further for users with this permission or, alternatively, + * further access can be granted.
This is not wrapped correctly
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -72,6 +72,14 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * This permission must be declared by the module providing the entity type. + * Users with the administrative permission by default are allowed to perform + * any operation (for example create, view, update or delete) on any entity + * of the type and are granted access to the overview (or collection) of the + * entities of that type, if one exists.
I suggest that we can say the same thing but a bit clearer. Correct this if I have missed something.
"This permission must be declared by the module providing the entity type. Users with the administrative permission can perform create, view, update or delete operations on any entity of that type. They also are granted access to the overview (or collection) of the entities of that type, if one exists."
-
+++ b/core/lib/Drupal/Core/Entity/EntityType.php @@ -79,6 +87,18 @@ class EntityType extends PluginDefinition implements EntityTypeInterface { + * This permission must be declared by the module providing the entity type. + * Users with the collection permission by default are allowed to access the + * overview (or collection) of the entities of that type, if one exists. + * It does not grant access to any particular entities, but in combination + * with other permissions makes it possible to grant users, for example, + * access to view entities of this type in the overview, but not edit or + * delete them or only grant users access to manage certain entities from the + * overview, but not all of them.
Similarly, I suggest that we can say the same thing but a bit clearer. Correct this if I have missed something.
"This permission must be declared by the module providing the entity type. Users with the collection permission are allowed to access the overview (or collection) of the entities of that type, if one exists. It does not grant access to any particular entities, but is used in combination with other permissions. For example. this makes it possible to grant users access to view entities of a particular type in the overview, but not edit or delete them. Another example is to grant users access to manage certain entities from the overview, but not all entities."
-
- First commit to issue fork.
- Merge request !4692Issue #3367439: Add proper documentation for entity type's admin_permission and collection_permission → (Open) created by rpayanm
- last update
over 1 year ago 30,135 pass - Status changed to Needs review
over 1 year ago 8:16pm 1 September 2023 - 🇩🇪Germany tstoeckler Essen, Germany
Thanks @quietone, agreed that your suggestion is clearer 👍
- Status changed to RTBC
over 1 year ago 2:07pm 6 September 2023 - 🇺🇸United States smustgrave
Since no one picked this up for a month don't see an issue with rpayanm working on it.
Just FYI with the novice tag we try and leave for more newer users @rpayanm
.
Appears feedback has been addressed so will RTBC. - last update
over 1 year ago 30,136 pass - last update
over 1 year ago 30,146 pass - last update
over 1 year ago 30,146 pass - last update
over 1 year ago 30,148 pass - last update
over 1 year ago 30,154 pass - Status changed to Needs review
over 1 year ago 3:41am 15 September 2023 - 🇳🇿New Zealand quietone
Thanks for making the changes for #11. However, 5 and 6 in there changed the text as well. This also needs someone familiar with this system to read those changes and confirm they are correct. It is possible that my adjustments inadvertently changed the meaning.
Setting back to NR.
- 🇺🇸United States smustgrave
@tstoeckler believe you implemented the admin_permission ticket, mind confirming the text.
- Status changed to RTBC
over 1 year ago 11:20am 16 September 2023 - 🇩🇪Germany tstoeckler Essen, Germany
Looks good to me. Since I didn't suggest this specific text and also didn't roll the patch, I think I can RTBC.
- last update
over 1 year ago 30,161 pass - last update
over 1 year ago 30,165 pass - last update
over 1 year ago 30,166 pass, 2 fail - last update
about 1 year ago 30,205 pass - last update
about 1 year ago 30,205 pass 6:34 2:05 Running- last update
about 1 year ago 30,361 pass - last update
about 1 year ago 30,360 pass - last update
about 1 year ago 30,371 pass - last update
about 1 year ago 30,379 pass - last update
about 1 year ago 30,377 pass - last update
about 1 year ago 30,382 pass - last update
about 1 year ago 30,392 pass - last update
about 1 year ago 30,397 pass - last update
about 1 year ago 30,397 pass - last update
about 1 year ago 30,414 pass 51:33 6:17 Running- last update
about 1 year ago 30,426 pass - last update
about 1 year ago 30,427 pass - last update
about 1 year ago 30,437 pass - Status changed to Needs review
about 1 year ago 3:42pm 27 October 2023 - 🇺🇸United States effulgentsia
This is a nice start, so thank you for that, but I think the wording for the collection_permission doesn't address the feedback from #2953566-53: Allow entities to specify a "collection permission" → . I agree with @gabesullice's comment there that:
- The collection permission should not control access to JSON:API collections.
- The documentation for the collection permission should make that clear.
So, I'm tagging this for review from a jsonapi maintainer.
- 🇺🇸United States effulgentsia
Adding @gabesullice to this issue to notify him since he wrote that comment in the other issue.
- 🇺🇸United States effulgentsia
This is unfortunately complicated by the fact that it's a common request that site owners want to deny access to the
/jsonapi/user/user
URL to anonymous users, so one could easily think that once there's a collection_permission on the User entity type, that taking that permission away from the Anonymous role would accomplish that. - 🇬🇧United Kingdom catch
@effulgentsia (a framework manager) explicitly asked for subsystem maintainer review on this issue and moved it down from RTBC in order to do so, so substituting back to a framework manager doesn't help move this issue forwards.
- Status changed to Needs work
10 months ago 10:47pm 23 February 2024