- Issue created by @belazoth
- Merge request !11Issue #3388513: update report data permission not working β (Merged) created by belazoth
- Status changed to Needs review
over 1 year ago 11:44am 20 September 2023 - π¬π§United Kingdom belazoth
I have made a merge request with the change that will hopefully fix this issue. This is also a patch with the same changes for those who might want to use the fix before it gets merged.
- π¬π§United Kingdom belazoth
I have updated the patch and merge request as I noticed that even if you had the permission 'update report data' you could not update the report data as it was looking for a different permission.
- Status changed to Needs work
about 1 year ago 5:53pm 20 October 2023 - π¬π§United Kingdom welly
Looks pretty good to me. I would say it'd probably be preferable to inject β the AccountProxy service rather than using Drupal::currentUser but can see the module was previously using that method to get the user. The class is well set up for dependency injection so I think it might be worth doing that.
That's the only thing I would suggest, otherwise looks good.
I'll put this in "Needs work" for now - if you feel like using dependency injection for the current user/accountproxy service then please do otherwise perhaps someone else can take a look and move it to RTBC?
- Status changed to Needs review
about 1 year ago 4:38pm 27 October 2023 - π¬π§United Kingdom belazoth
Thanks for the suggestion Welly. I have updated the patch and the merge request, let me know if everything you have any other suggestions.
- π¦πΊAustralia thomwilhelm Sydney
I ran into this same issue and had tracked it down to the same place, as the "Update Report Data" button wasn't displaying for me at all even as an administrator.
One nitpick in the patch from #6:
// Only show this button to users w/proper access or super user. $uid = $this->user->id(); if ($uid == 1 || $this->user->hasPermission('update report data')) { $btn['run_button'] = [ '#type' => 'markup', '#markup' => $this->t('<div style="float:right"><a class="button" href="/admin/reports/paragraphs-report/update" onclick="return confirm(\'Update the report data with current node info?\')">Update Report Data</a></div>'), ]; }
The hasPermission method in docroot/core/lib/Drupal/Core/Session/PermissionChecker.php already does a check to see if $uid == 1, besides, Drupal is moving away from using $uid == 1 logic as it's not very flexible:
https://www.drupal.org/project/coder/issues/2975233 β¨ Add a sniff for checking against hard-coding uid=1 permissions Active
https://www.drupal.org/project/drupal/issues/540008 π Add a container parameter that can remove the special behavior of UID#1 FixedWith this in mind, I believe we can simplify the check to just be:
// Only show this button to users w/proper access. if ($this->user->hasPermission('update report data')) { $btn['run_button'] = [ '#type' => 'markup', '#markup' => $this->t('<div style="float:right"><a class="button" href="/admin/reports/paragraphs-report/update" onclick="return confirm(\'Update the report data with current node info?\')">Update Report Data</a></div>'), ]; }
- First commit to issue fork.
- Status changed to RTBC
4 months ago 6:59pm 6 September 2024 - πΊπΈUnited States generalredneck
Implemented thomwilhelm's feedback into the MR. User 1 and role permissions are working as expected. Going to call this one good to go.
-
generalredneck β
committed 409ff6a6 on 2.x authored by
Belazoth β
Issue #3388513 by Belazoth, generalredneck, welly, thomwilhelm: update...
-
generalredneck β
committed 409ff6a6 on 2.x authored by
Belazoth β
- Status changed to Fixed
4 months ago 6:59pm 6 September 2024 Automatically closed - issue fixed for 2 weeks with no activity.