Dynamic scope with role granularity does not inherit authenticated permissions as expected

Open on Drupal.org →

Created on 31 May 2024, 27 days ago

Updated 25 June 2024, 3 days ago

Problem/Motivation

When creating a dynamic scope with role granularity for a custom role, the scope does not inherit authenticated permissions as it does in all other Drupal contexts. This is confusing.

The standard behavior for Drupal is this: if the authenticated role has "access content" permission, and another custom role called "premium" is created, it will inherit the “access content” permission from the authenticated role. All roles other than anonymous inherit permission from the authenticated role. Oddly, this inheritance does not appear to occur when a request is made with a simple oauth token. This leads to an inconsistent experience for users. A user with the premium role accessing the website through the browser will have different permissions than if they authenticate with the same account using a token with the same exact role.

This inheritance behavior is implicit in the Admin UI of Drupal. As an admin, I'm not even able to use the UI to explicitly assign the "access content" permission to the "premium" role if it’s already been granted to the authenticated role. The checkbox is already checked and in fact cannot be unchecked — inheritance is both default and mandatory.

Proposed resolution

The dynamic scope with role granularity should inherit permissions from the authenticated role, as it does in all other Drupal contexts.

🐛 Bug report

Status

Fixed

Version

6.0

Component

Code

Created by

🇺🇸United States grasmash

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Merge Requests

!129Dynamic scope with role granularity does not inherit authenticated permissions as expected
Merged
🇺🇸United States grasmash
updated 17 days ago

Comments & Activities

Issue created by @grasmash
Comment 27 days ago →
🇺🇸United States grasmash
Based on some more review, it's more accurate to say that a user has both the authenticated and premium roles, not that premium inherits from authenticated. Therefore, the solution would be to grant the authenticated role to the token as well as the premium role.
Merge request !129Issue #3451692: Dynamic scope with role granularity does not inherit authenticated permissions → (Merged) created by grasmash
Pipeline finished with Success
27 days ago
Total: 206s
#187715
Pipeline finished with Success
26 days ago
Total: 215s
#188565
Comment 25 days ago →
🇺🇸United States grasmash
Comment 25 days ago →
🇺🇸United States grasmash
Comment 25 days ago →
🇺🇸United States grasmash
Comment 25 days ago →
🇺🇸United States grasmash
Comment 17 days ago →
System Message

bojan_dev → committed 04b9b3e9 on 6.0.x authored by grasmash →
Issue #3451692: Dynamic scope with role granularity does not inherit...
Status changed to Fixed 17 days ago12:58pm 11 June 2024
Comment 17 days ago →
🇳🇱Netherlands bojan_dev
For the role granularity, it does make sense, TY for the fix.
Comment 3 days ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024