Contrib.social

Add a toggle to keep using 2.x default behavior of allowing access for roles

Open on Drupal.org β†’
Created on 5 April 2024, over 1 year ago
Updated 9 July 2024, about 1 year ago

Problem/Motivation

As stated in the README, since 3.x the default node access behavior has been changed:
"In previous version, if you don't specify a role in your node, by default it will show it for all users. In version 3, it will now only show it to administrator."

When the content editors are used to a workflow where they only select a role when they want to restrict access to a node. As per the 2.x behavior.
It could be a pain to retrain them to start doing the opposite after a 3.x upgrade.

(Personally, I worked around this behavior using a hook, but thought a feature like this could help others. Without having to work around it or retrain the customer.)

Steps to reproduce

n/a

Proposed resolution

It would be great if there was a toggle to choose between the new or old logic.

Remaining tasks

TBD

User interface changes

TBD

✨ Feature request
Status

Needs work

Version

3.0

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium Frederikvho Belgium

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Frederikvho
  • Comment over 1 year ago β†’
    ahebrank

    +1. I've patched for now with

    diff --git a/vapn.module b/vapn.module
index ffcc861..35bb5ce 100644
--- a/vapn.module
+++ b/vapn.module
@@ -70,6 +70,12 @@ function vapn_node_access(NodeInterface $entity, $operation, AccountInterface $a
       $rid = $item->target_id;
       $allowed_roles[$rid] = $rid;
     }
+
+    // Nothing marked on a node? Allow by default.
+    if (empty($allowed_roles)) {
+      return AccessResult::neutral();
+    }
+
     $access_result = array_intersect($account->getRoles(), $allowed_roles)
       ? AccessResult::allowed()
       : AccessResult::forbidden();

    but that if could be controlled by a settings flag.

  • Status changed to Needs work over 1 year ago
  • Comment over 1 year ago β†’
    πŸ‡·πŸ‡ΊRussia qzmenko Novosibirsk

    Here is the patсh with changes from #2.
    But I agreed we need to add some toggle in module settings.

  • Comment about 1 year ago β†’
    πŸ‡§πŸ‡ͺBelgium andreasderijcke Antwerpen / Gent

    +1 to make this configurable.

    The change make sense (security, and thus access denied, by default etc), but if you have many nodes of certain type and only a few with restrictions, this change has enormous impact.
    The update hook vapn_update_9000 doesn't seem to take nodes without vapn restrictions into account.

  • Comment about 1 month ago β†’
    mattea.turnbull

    As someone who's site is thousands of open resources to <20 restricted, thank you. The change would have made this module unusable.

  • First commit to issue fork.
  • @redneko opened merge request.
  • Comment 8 days ago β†’
    redneko

    I have been keen to have a settings option to restore this behaviour, so I thought I would go ahead and build it myself.

    Please review my changes. Make sure that:

    • By default (e.g. on initial install) the 3.x behaviour occurs and the new settings option is not selected
    • When the 2.x option is selected, nodes with no VAPN option selected can be viewed by any user. Nodes with specific user roles selected can only be seen by those users

    I have included the patch file for anyone that needs it

  • Comment 8 days ago β†’
    redneko
  • Comment 7 days ago β†’
    kksandr
  • Comment 6 days ago β†’
    kksandr
    • Renamed the option to a more generic and clear name, making it easier to understand for new users unfamiliar with version 2.x.
    • Improved caching behavior for access check results.
    • Added a test that covers the new mode of operation.
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024