- Issue created by @paul121
- πΊπΈUnited States m.stenta
Last week I opened #3415653: [META] Allow more granular access on default farmOS Views β , having forgotten that @paul121 already opened this one. I closed mine as a duplicate, but now that I think about it, we may want to have both of them. This one is suggesting a specific solution to the problem, but in chat there were some other solutions proposed, both short term and long term. They have advantages and disadvantages, so I'm going to reopen my issue and repurpose it as a [META] issue to document all of the possibilities. This one can be a feature request specifically for the "query access handler" approach. I will tweak the title of this to make that more explicit, and make this a child of the [META] issue.
@paul121 if I've misrepresented anything please feel free to adjust! I will document some of our recent discussions in the [META] issue comments.
- πΊπΈUnited States m.stenta
I propose we create a new permission
access {entity_type} collectionImportant note about the backwards compatibility considerations of this:
In discussing this further, we realized that changing the permission on Views may actually be a breaking change, though. If any downstream users have created roles that grant the
view any {entity_type}permission in order to see the default Views, and we start requiring a different permission (access {entity_type} collection), users with those roles won't be able to see the default Views.To address this, we could consider adding an update hook that automatically adds the
access {entity_type} collectionpermission(s) to any roles that have the correspondingview any {entity_type}permission(s). I *think* that would be safe, but we should give that some dedicated thought.From https://www.drupal.org/project/farm/issues/3415653#comment-15411481 β
- Merge request !81Issue #3413263: Use Entity API query access handler to filter entity queries... β (Open) created by m.stenta
- Status changed to Needs review
over 1 year ago 7:40pm 24 January 2024 - πΊπΈUnited States m.stenta
Started a
3.x-query-access-handlerbranch and pushed to a new issue fork: https://git.drupalcode.org/issue/farm-3413263/-/compare/3.x...3.x-query-...We still need to add the new permissions, with an update hook to add them to roles, etc. I wonder if we should tackle that in a separate PR and leave this just focused on enabling the query access handler?
- Status changed to Postponed
over 1 year ago 7:45pm 24 January 2024 - πΊπΈUnited States m.stenta
Actually we should do this at the same time as the Log module (see π Use Entity API query_access handler Needs review ), and make sure we use the new version, so that all our entities get the access checking together.
Postponing this. Let's get it merged in Log first, then include a
composer.jsonchange to bump thedrupal/logversion constraint accordingly in this branch. - πΊπΈUnited States m.stenta
π Use Entity API query_access handler Needs review has been merged. I will tag a 3.0.0 release of Log shortly...
In the meantime, @paul121 has opened a PR that includes this issue's MR: https://github.com/farmOS/farmOS/pull/965