hasPermissionInGroup - either in or out.

Created on 4 March 2024, 9 months ago

I've set up an 'outsider' admin role for my group type and associated it with a permission, so any user with that permission should be able to administer all groups of that type.
However, users with that permission who happen to be 'insiders' cannot administer the group. Here's why:
In GroupPermissionChecker::hasPermissionInGroup, members ONLY have insider permissions. Only non-members can be admins.

    // Members are checked against the insider scope only, everyone else
    // against the outsider scope.
    if ($this->groupMembershipLoader->load($group, $account)) {
      $item = $calculated_permissions->getItem(PermissionScopeInterface::INSIDER_ID, $group->bundle());
    } else {
      $item = $calculated_permissions->getItem(PermissionScopeInterface::OUTSIDER_ID, $group->bundle());
    }

I did a quick fix so it checks for outsider permissions, then insider permissions if the user is a member.

    // Check outsider permissions first, regardless of membership.
    if ($item = $calculated_permissions->getItem(PermissionScopeInterface::OUTSIDER_ID, $group->bundle())) {
      if ($item->hasPermission($permission)) {
        return TRUE;
      }
    }

    // Then check their synchronized access depending on if they are a member.
    if ($this->groupMembershipLoader->load($group, $account)) {
      // getItem() can come back empty, so guard before calling hasPermission().
      $item = $calculated_permissions->getItem(PermissionScopeInterface::INSIDER_ID, $group->bundle());
      return $item && $item->hasPermission($permission);
    }

    return FALSE;

🐛 Bug report

Status: Active
Version: 3.3
Component: Code


Comments & Activities

  • Issue created by @matslats
  • 🇧🇪Belgium msnassar

    @matslats I think the proper solution is to create a new 'insider' admin role and give it the permissions you gave for the 'outsider' admin role. Besides fixing your issue, this will also be helpful in case someone would like to give more permissions to users who are no longer outsiders but have become insiders (members).

  • Do you mean to create an insider AND outsider admin role?
    The problem is admins may or may not be inside the group.
    I can do this but creating an admin role for each case doesn't feel like a 'proper' solution.

  • 🇧🇪Belgium msnassar

    @matslats Yes, you should create insider and outsider roles...
    This is good for cases like the one mentioned in #3

  • I've just upgraded from groups v1 to v2, and I hit the same problem, which puzzled me for a while. The issue is also discussed in "Sitewide Administrator permissions not working", which is closed as "works as designed".

    @matslats, what I think you're asking for is an option to choose "Outsider or Insider" as the group option when adding a group role. This would save developers from having to create two separate roles. So, this is a feature request rather than a bug report. I've updated the Category.

  • I've only recently updated my project from 8.1.x to 2.x and ran into the same problem.
    At first I wanted to patch the same lines so it does the same thing as the outsider_in module used to do. I get that the new solution is a lot more flexible, but sometimes you just want a global role to work the same for an insider and an outsider.

    Creating two group roles that sync with a global role works, but it would be great if there was an option to set a role to outsider AND Insider.

  • 🇧🇪Belgium kristiaanvandeneynde Antwerp, Belgium

    This is covered in the video series that was linked in the 2.0.0 release notes. You need to set up an insider and outsider role for admins now, because in some cases people only want one but not the other and for those cases it's an optimization to not have useless roles.

    I've given combined scopes a thought in the past and couldn't resolve it nicely, but with 4.x.x we might get a second shot at this. Either way, marking this as a resolved support request as it's already been explained above why it's behaving like this.

  • Automatically closed - issue fixed for 2 weeks with no activity.
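
The either/or scope selection discussed in this thread, as an added example that is not part of the issue or the Group module's code: a simplified model that checks the same account as a non-member and as a member, then audits role definitions for permissions granted in outsider scope with no insider counterpart. The role records, the `team` group type, the `site_admin` role and the function names are all constructed for illustration.

```php
<?php
// Simplified model of the scope selection discussed in this thread. It is not
// the Group module's code; role records and names are constructed sample data.
const INSIDER = 'insider';
const OUTSIDER = 'outsider';

// Each group role is synced to one global role within exactly one scope.
$group_roles = [
  ['group_type' => 'team', 'scope' => OUTSIDER, 'global_role' => 'site_admin',
   'permissions' => ['administer group']],
  ['group_type' => 'team', 'scope' => INSIDER, 'global_role' => 'authenticated',
   'permissions' => ['view group']],
];

// Mirrors the either/or branch: a member is evaluated in insider scope only.
function has_permission_in_group(array $group_roles, array $global_roles, bool $is_member, string $group_type, string $permission): bool {
  $scope = $is_member ? INSIDER : OUTSIDER;
  foreach ($group_roles as $role) {
    if ($role['group_type'] === $group_type && $role['scope'] === $scope
        && in_array($role['global_role'], $global_roles, TRUE)
        && in_array($permission, $role['permissions'], TRUE)) {
      return TRUE;
    }
  }
  return FALSE;
}

// Audit: permissions a global role holds as outsider but has no insider
// counterpart for, i.e. what an account silently loses when it joins a group.
function permissions_lost_on_joining(array $group_roles): array {
  $granted = [];
  foreach ($group_roles as $role) {
    $key = $role['group_type'] . ':' . $role['global_role'];
    $granted[$key][$role['scope']] = array_merge($granted[$key][$role['scope']] ?? [], $role['permissions']);
  }
  $gaps = [];
  foreach ($granted as $key => $scopes) {
    $lost = array_diff($scopes[OUTSIDER] ?? [], $scopes[INSIDER] ?? []);
    if ($lost) {
      $gaps[$key] = array_values($lost);
    }
  }
  return $gaps;
}

$admin = ['authenticated', 'site_admin'];
var_dump(has_permission_in_group($group_roles, $admin, FALSE, 'team', 'administer group'));
var_dump(has_permission_in_group($group_roles, $admin, TRUE, 'team', 'administer group'));
print_r(permissions_lost_on_joining($group_roles));
```

Adding an insider-scope role synced to the same global role with the same permissions, as recommended in the replies, makes the member check pass and empties the audit result.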
