Allow more general access to farm record views

Created on 8 January 2024, over 1 year ago

Problem/Motivation

Currently our farm record views pages for assets/logs/plans/quantities/etc all require the highest level view any {entity_type} permission. This prevents users that only have permission to view a single bundle view any land asset or view their own authored bundle view own land asset from being able to view the standard record pages of farm assets.

It would be a nice feature to allow these restricted permissions access to still see the general record views pages, but within the view filter out the individual entities that the user does not have access to. This sounds like a lot of work, but thankfully I think most of the work has been done for us!

First, we can leverage the new collection_permission available with Drupal 10.2: https://www.drupal.org/node/2955178 β†’ to allow more access to our record views instead of view any {entity_type}. Nearly all users can be expected to have this permission and many of our views can be updated to use this permission. The entity module has already been providing an access asset overview "Access the asset overview page" permission that could work as this "collection permission". But I propose we create a new permission access {entity_type} collection: the "collection permission" is more general could be used for things other than just an "overview page".

Then to filter to proper access within our record views we can use the query_access handler provided by the entity module: https://www.drupal.org/node/2955178 β†’ . This will alter all entity and views queries to respect the bundle and owner permissions provided by the entity module.

Steps to reproduce

N/A

Proposed resolution

- Add a collection permission access {entity_type} collection
- Implement the entity module query access handler

Remaining tasks

Implement, test.

Also implement for log module: πŸ› Use Entity API query_access handler Needs review

User interface changes

Records pages accessible by users with more granular view permissions.

API changes

Entity queries will have added query access logic.

Data model changes

None

✨ Feature request
Status

Active

Version

3.0

Component

Miscellaneous

Created by

πŸ‡ΊπŸ‡ΈUnited States paul121 Spokane, WA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024