Contrib.social

Add a toggle to keep using 2.x default behavior of allowing access for roles

Open on Drupal.org β†’
Created on 5 April 2024, 8 months ago
Updated 9 July 2024, 5 months ago

Problem/Motivation

As stated in the README, since 3.x the default node access behavior has been changed:
"In previous version, if you don't specify a role in your node, by default it will show it for all users. In version 3, it will now only show it to administrator."

When the content editors are used to a workflow where they only select a role when they want to restrict access to a node. As per the 2.x behavior.
It could be a pain to retrain them to start doing the opposite after a 3.x upgrade.

(Personally, I worked around this behavior using a hook, but thought a feature like this could help others. Without having to work around it or retrain the customer.)

Steps to reproduce

n/a

Proposed resolution

It would be great if there was a toggle to choose between the new or old logic.

Remaining tasks

TBD

User interface changes

TBD

✨ Feature request
Status

Needs work

Version

3.0

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium Frederikvho Belgium

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Frederikvho
  • Comment 7 months ago β†’
    ahebrank

    +1. I've patched for now with

    diff --git a/vapn.module b/vapn.module
index ffcc861..35bb5ce 100644
--- a/vapn.module
+++ b/vapn.module
@@ -70,6 +70,12 @@ function vapn_node_access(NodeInterface $entity, $operation, AccountInterface $a
       $rid = $item->target_id;
       $allowed_roles[$rid] = $rid;
     }
+
+    // Nothing marked on a node? Allow by default.
+    if (empty($allowed_roles)) {
+      return AccessResult::neutral();
+    }
+
     $access_result = array_intersect($account->getRoles(), $allowed_roles)
       ? AccessResult::allowed()
       : AccessResult::forbidden();

    but that if could be controlled by a settings flag.

  • Status changed to Needs work 6 months ago
  • Comment 6 months ago β†’
    πŸ‡·πŸ‡ΊRussia qzmenko Novosibirsk

    Here is the patсh with changes from #2.
    But I agreed we need to add some toggle in module settings.

  • Comment 5 months ago β†’
    πŸ‡§πŸ‡ͺBelgium andreasderijcke Antwerpen / Gent

    +1 to make this configurable.

    The change make sense (security, and thus access denied, by default etc), but if you have many nodes of certain type and only a few with restrictions, this change has enormous impact.
    The update hook vapn_update_9000 doesn't seem to take nodes without vapn restrictions into account.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024