Problem/Motivation
In the current implementation of the module, there's no way to granularly control which roles can import specific entity types. This poses a limitation for sites that mandate finer permission control over importing functionalities. Additionally, the module enforces entity-type-required fields upon import, which may not align with the needs of all implementations, particularly in contexts where certain required fields may not be relevant or available during import. These issues, although different, are both related to the limitations found in the import process that can lead to potential data integrity and permission management problems.
Another related issue is when importing entities via the csv_importer module; field constraints, particularly uniqueness constraints, are not being validated programmatically. This oversight leads to the potential creation of duplicate entities with the same unique field values, which should not be allowed according to the entity's field definitions.
Steps to reproduce
Steps to validate granularity control and required fields:
- Log in as a user with the permission to use the CSV import functionality and navigate to the import page.
- Observe that all importable entity types are available, regardless of user role.
- Attempt to import a CSV with missing fields that are non-essential in certain contexts.
Steps to validate data before saving:
- Ensure there is a unique constraint on a field (e.g., serial) in the entity definition.
- Use the csv_importer module to import data containing duplicate values for the serial field.
- Observe that the import does not fail or raise an error, and duplicate entities with the same serial are created.
Proposed resolution
Implement permission checks within the import form that map roles to importable entity types, ensuring careful control of who is authorized to import which entity types. Additionally, provide functionality that allows the list of required fields for an entity type to be adjusted on a per-import basis. These changes are proposed to be bundled in a single issue to ensure compatibility and avoid potential conflicts between them. They are interrelated functionalities that could affect one another's behavior when implemented separately.
Implement programmatic validation of entity constraints during the import process. Before saving each entity, invoke the validation method to check for constraint violations, particularly the uniqueness of certain fields. If violations are detected, the import process should flag an error and prevent the entity from being saved.
The resolution should include:
- Adjusting the import logic to perform entity validation checks.
- Reporting any violations back to the user with meaningful messages.
- Preventing the saving of invalid entities and handling the errors appropriately.
Remaining tasks
New permissions:
- use any csv importer
- use comment_importer csv importer
- use menu_link_content_importer csv importer
- use node_importer csv importer
- use taxonomy_term_importer csv importer
- use user_importer csv importer
- [X]
- [X]
- [ ] Update the documentation to reflect these new features.
- [ ] Complete manual and automated testing of the new features.
- [X]
- [X]
- [ ] Test the import functionality with datasets that should fail due to constraint violations.
- [X]
- [ ] Update the documentation to inform users about the validation process during imports.
User interface changes
Import form will now conditionally display entity types based on user roles.
API changes
Introduction of new hooks/plugins or alteration of existing ones to provide the necessary extensibility to modify the required fields for imports on a per-import basis.
Data model changes
No changes to the existing data model are expected.