Contrib.social

hasPermissionInGroup - either in or out.

Open on Drupal.org β†’
Created on 4 March 2024, 4 months ago
Updated 5 March 2024, 4 months ago

I've set up an 'outsider' admin role for my group type and associated it with a permission, so any user with that permission should be able to administer all groups of that type.
However users with that permission who happen to be 'insiders' cannot administer the group. Here's why:
In GroupPermissionChecker::hasPermissionInGroup, members ONLY have insider permissions. Only non-members can be admins

if ($this->groupMembershipLoader->load($group, $account)) {
  $item = $calculated_permissions->getItem(PermissionScopeInterface::INSIDER_ID, $group->bundle());
} else {
 $item = $calculated_permissions->getItem(PermissionScopeInterface::OUTSIDER_ID, $group->bundle());
}
return $item && $item->hasPermission($permission);

I did a quick fix so it checks for outsider permissions, then insider permissions if the user is a member.

    if ($item = $calculated_permissions->getItem(PermissionScopeInterface::OUTSIDER_ID, $group->bundle())) {
      if ($item->haspermission($permission))return TRUE;
    }

    // Then check their synchronized access depending on if they are a member.
    if ($this->groupMembershipLoader->load($group, $account)) {
      return $calculated_permissions->getItem(PermissionScopeInterface::INSIDER_ID, $group->bundle())->hasPermission($permission);
    }
πŸ› Bug report
Status

Active

Version

3.3

Component

Code

Created by

matslats

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @matslats
  • Comment 4 months ago β†’
    matslats
  • Comment 4 months ago β†’
    πŸ‡§πŸ‡ͺBelgium msnassar

    @matslats I think the proper solution is to create new 'insider' admin role and give it the permissions you gave for the 'outsider' admin role. Besides fixing your issue, this will also be helpful in case someone would like to give more permissions to users who on longer outsider but become insider (member).

  • Comment 4 months ago β†’
    matslats

    Do you mean to create an insider AND outsider admin role?
    The problem is admins may or may not be inside the group.
    I can do this but creating an admin role for each case doesn't feel like a 'proper' solution.

  • Comment 4 months ago β†’
    πŸ‡§πŸ‡ͺBelgium msnassar

    @matslats Yes, you should create insider and outsider role...
    This is good for cases like the one mentioned in #3

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024