- Issue created by @steven jones
- 🇬🇧United Kingdom steven jones
I thought I'd seen this issue in the queue already, but couldn't find it again, apologies if this is a duplicate.
- 🇬🇧United Kingdom steven jones
I've got a patch in the works, and the config is great!
content access already sends the config loading through a couple of functions, so we only need to change out those places and it'll work really nicely.
- 🇬🇧United Kingdom steven jones
There's some roughly working code for discussion.
I wonder if actually this should go as a 'third party' setting on the NodeType entity, and then let that handle the config storage for us etc.
- Status changed to Needs review
over 1 year ago 8:25am 24 August 2023 - last update
over 1 year ago Composer require-dev failure - @steven-jones opened merge request.
- Open on Drupal.org →Core: 9.5.x + Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Waiting for branch to pass - 🇳🇴Norway gisle Norway
Due to recent changes MR !9 produces a merge error. I've rerolled it. Please find the reroll in the attached patch.
Would appreciate a review.
- Status changed to Needs work
over 1 year ago 11:07am 5 September 2023 - 🇬🇧United Kingdom steven jones
So thinking about this more, I really think this should be a third party setting on the NodeType entity, and then it handles all the storage for us, which removes a ton of code etc.
I really don't think my original approach of adding another config entity type was the right way to go here!I'd suggest:
- Release 2.0.0 without this change
- Work on the change, getting the config into the third party settings collection
- Release a 2.1.0 that contains an upgrade path etc.
That then doesn't hold up the release, but then also reduces the maintenance burden going forward.
@gisle however, you're the module maintainer here, so what do you reckon, should we aim for being a third party setting instead?
- 🇳🇴Norway gisle Norway
Yes, I am the module maintainer (not because I am the most qualified, but because I need this module, and nobody else seemed to be willing to do the job). This is not an area where I claim to be an expert, so I have to rely to the judgement of others, such as yourself.
Lately, I've also become aware that serialized data may be insecure (see, for example, related issue 🐛 unserialize() is insecure unless allowed classes are limited. Use a safe format like JSON or use the allowed_classes option. Fixed ). That's is another strong argument for moving it from serialized data and into a separate settings file.
As for implementing as a third party setting on the NodeType entity, I think that sounds as a better solution, and if it can be done, I m prepared to wait for that.
As for issues holding back a full 2.0.0 release, they are tracked here: 🌱 [meta] Content Access release 2.0.0 Fixed . I haven't added this issue as a blocker. The major one seems to be getting automated tests working again.
PS: I've looked at your profile page and it is impressive. I open to adding a co-maintainer to this project if you're interested.
- 🇬🇧United Kingdom steven jones
Thanks @gisle, that makes sense!
Thanks for maintaining this module, it is much appreciated.
I'd be up for being a co-maintainer if you'd have me. It does seem like content access (and acl) need some love to bring them into the modern PHP and Drupal 9 world proper, and they can probably go back into hibernation :)
- 🇳🇴Norway gisle Norway
Thanks for offering to help out! I've added you as co-maintainer.