Contrib.social

Deleting taxonomy vocabulary does not remove related permissions

Open on Drupal.org β†’
Created on 13 December 2023, about 1 year ago
Updated 18 June 2024, 6 months ago

Problem/Motivation

When deleting a vocabulary, the related permissions are still assigned to roles.

If you then try to add new permissions via drush, a RuntimeException is thrown from \Drupal\user\Entity\Role::calculateDependencies

Adding non-existent permissions to a role is not allowed.

Steps to reproduce

1. create a taxonomy vocabulary
2. assign related permissions for that vocabulary
3. delete the vocabulary
4. check the permissions for the role- e.g. drush role:list --filter='rid=superuser' | grep 'create terms' - the permissions relating to that vocabulary are still present
5. clear cache and run cron
6. check the permissions again - the related permissions are still there
7. assign other permissions via drush, e.g. drush role:perm:add superuser 'administer search_api' - this fails with the message "Adding non-existent permissions to a role is not allowed."

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

πŸ› Bug report
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component
TaxonomyΒ  β†’

Last updated 8 minutes ago

  • Maintained by
  • πŸ‡ΊπŸ‡ΈUnited States @xjm
  • πŸ‡¬πŸ‡§United Kingdom @catch
Created by

πŸ‡¬πŸ‡§United Kingdom malcomio

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Issue created by @malcomio
  • Status changed to Postponed: needs info about 1 year ago
  • Comment about 1 year ago β†’
    πŸ‡³πŸ‡±Netherlands Lendude Amsterdam

    Tried to reproduce this on a clean Umami install but not problems there as far as I can tell

    Steps done:
    * Add a new Vocabulary
    * Add permissions for this Vocabulary to the Editor and Author roles
    * Check the config for these roles in config sync (/admin/config/development/configuration/single/export) and make sure the permissions are there
    * Delete the Vocabulary
    * Check the config for these roles in config sync (/admin/config/development/configuration/single/export) and make sure the permissions are gone

    Am I missing steps? Or does this only break when using Drush?

  • Comment 6 months ago β†’
    πŸ‡¬πŸ‡§United Kingdom malcomio

    We were also encountering this issue when granting permissions via update hooks.

    As a workaround, we added an update hook to manually revoke the permissions:

      $storage = \Drupal::entityTypeManager()->getStorage('taxonomy_vocabulary');
  $vocabularies = [
    'article_categories',
    'codes',
    'event_categories',
  ];
  foreach ($vocabularies as $vid) {
    $vocabulary = Vocabulary::load($vid);
    if ($vocabulary) {
      $permissions = [
        "create terms in $vid",
        "delete terms in $vid",
        "edit terms in $vid",
      ];
      user_role_revoke_permissions('superuser', $permissions);
      $storage->delete([$vid => $vocabulary]);
    }

    We haven't tested the original issue since then.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024