I am encountering an issue with the Role-based access functionality in my Search API integration. Solr field sm_role_access is only having the roles["administrator", "authenticated"] even though other custom roles have edit permissions to edit contents. We have only given the permission "access content" for authenticated role and users with all other roles will be also having the role "authenticated". I have observed that this permission inheritance is not being properly considered when it comes to indexing content using the Processor Role-based Access.
Set up multiple roles, including the authenticated role and additional roles(eg client_manager).
Grant "access content" permission to the authenticated role.
Grant "edit any client content" permission to the client_manager role.
Enable the processor Role-based access and index the contents. Check the solr filed sm_role_access value. (As of now only "administrator" and "authenticated" will be there for a node with type client, Role "client_manager" is also expected to be along with that)
I would appreciate assistance in investigating and resolving this issue with the Processor Role-based access. The correct permissions inheritance should be reflected in the processor Role-based access as well.
Needs review
1.0
Plugins
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.
Thanks for reporting this problem!
Does the attached patch fix it?
The last submitted patch, 3: 3379608-3--role_access_processor_authenticated.patch, failed testing. View results →
Test fix is trivial, first it would be good to know if the patch generally works.