Roles should be in their own recipes for composability

Created on 14 June 2024, 6 months ago
Updated 2 July 2024, 6 months ago

Problem/Motivation

Other recipes should be able to use Standard's Administrator and Content Editor roles without applying the standard recipe.

But they can't because they are not composable, they are only in the standard recipe.

Steps to reproduce

See that the two role configs are in the /config folder of the standard recipe. It looks like this was the only non-composable part of standard.
https://git.drupalcode.org/project/drupal/-/tree/11.x/core/recipes/stand...

See that the Starshot prototype had to copy the configs for their own.
https://github.com/phenaproxima/starshot-prototype/tree/main/recipes/sta...

Proposed resolution

1. Create administrator_role and content_editor_role recipes.
2. Remove the config folder and files from the standard recipe.
3. Require the new recipes from the standard recipe.

Remaining tasks

Needs Review

User interface changes

N/A

API changes

N/A

Data model changes

N/A

Release notes snippet

Drupal Standard core recipes now include administrator_role and content_editor_role recipes.

📌 Task
Status

Fixed

Version

10.3

Component
recipe system 

Last updated 11 days ago

Created by

🇺🇸United States thejimbirch Cape Cod, Massachusetts

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @thejimbirch
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts
  • Status changed to Needs review 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts
  • Pipeline finished with Failed
    6 months ago
    Total: 545s
    #198871
  • Status changed to Active 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts

    Actually, let's make this even more composable as outlined in the docs. It would be very common for a recipe author to want to install just the Administrator role, and not the Content editor.

  • Pipeline finished with Failed
    6 months ago
    Total: 169s
    #198910
  • Status changed to Needs review 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts

    Updating title for clarity.

  • Status changed to Needs work 6 months ago
  • The Needs Review Queue Bot tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

    Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

  • Status changed to Needs review 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts

    Based on discussion with Phenaproxima in https://drupal.slack.com/archives/C2THUBAVA/p1718367577268629

    We don't need the standard_roles recipe if we have both of the roles broken out.

    We are also going to simplify the need for additional files and use the ensure_exists config action to create the config if it doesn't exist.

  • Status changed to Needs work 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts
  • Status changed to Needs review 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts
  • Pipeline finished with Failed
    6 months ago
    Total: 179s
    #198972
  • Status changed to Needs work 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts

    Need to fix coding standards.

  • Status changed to Needs review 6 months ago
  • 🇺🇸United States thejimbirch Cape Cod, Massachusetts
  • Pipeline finished with Success
    6 months ago
    Total: 545s
    #198983
  • Status changed to RTBC 6 months ago
  • 🇺🇸United States phenaproxima Massachusetts

    I was initially unsure about this, but after some discussion in Slack with @thejimbirch, I'm convinced. This also completely clarifies the use case for ensure_exists -- "if this already exists, go ahead and use whatever we've got; otherwise, create it with these values". That makes perfect sense for these two roles, which I can absolutely see being useful on their own in various recipes. I imagine almost every site would want at least one administrative role, and a content editor also seems like a useful role to have, although not necessarily both.

    So I'm +1 for this change, and I think it will make other recipes easier to write. The code looks good to me and passes tests, and we already have coverage to prove that all core recipes can be applied on their own.

  • 🇮🇳India guptahemant

    Possibly this issue can be used as an example to better describe why / when to use ensure_exist config action https://git.drupalcode.org/project/distributions_recipes/-/blob/1.0.x/do...

  • Status changed to Needs review 6 months ago
  • 🇬🇧United Kingdom catch

    Couple of questions on the MR about why the different permissions live in their respective places.

  • Pipeline finished with Failed
    6 months ago
    Total: 538s
    #199060
  • Status changed to Needs work 6 months ago
  • 🇺🇸United States phenaproxima Massachusetts

    Failing tests :(

  • First commit to issue fork.
  • Pipeline finished with Failed
    6 months ago
    Total: 358s
    #199505
  • Pipeline finished with Failed
    6 months ago
    Total: 637s
    #199509
  • Pipeline finished with Success
    6 months ago
    Total: 631s
    #199522
  • Status changed to Needs review 6 months ago
  • Addressed test failures & pipeline passed successfully.

    Please review, moved NR

  • Status changed to Needs work 6 months ago
  • 🇺🇸United States phenaproxima Massachusetts

    Thanks for fixing the test! Unfortunately, it's probably not the proper fix for this situation. It's not obvious from the code, but those assertions were added in order to confirm that the Standard recipe suite generates config identical to the Standard profile. So we actually need to go back and find out why the roles differ, and fix that, rather than change the test itself.

  • Pipeline finished with Failed
    6 months ago
    Total: 588s
    #199799
  • 🇺🇸United States phenaproxima Massachusetts

    Figured it out; the problem is that, in the Standard profile, the content_editor role doesn't get the "access content" permission. That's granted to anonymous and authenticated users. I adjusted the recipes to match and the test passes for me locally now.

  • Status changed to Needs review 6 months ago
  • 🇺🇸United States phenaproxima Massachusetts
  • Pipeline finished with Failed
    6 months ago
    Total: 676s
    #199829
  • There are some PHPUnit test case failure unrelated to MR & run pipeline

    pipeline passed & MR is mergeable now.

  • 🇬🇧United Kingdom the_g_bomb

    I have applied the patch from gitlab using

    composer config --json --merge extra.patches.drupal/core '{"#3454605: Roles should be in their own recipes for composability": "https://git.drupalcode.org/project/drupal/-/merge_requests/8413.diff"}'
    

    I can see that the patch applies cleanly and makes the changes described.

    I have also attempted to run:
    php -d memory_limit=512M core/scripts/drupal install core/recipes/standard

    Which completes as expected.

  • 🇺🇸United States phenaproxima Massachusetts

    Crediting @the_g_bomb for manual testing!

  • Status changed to RTBC 6 months ago
  • 🇨🇦Canada b_sharpe

    Code looks good, Tested locally and confirmed both recipes are independently composable. RTBC

  • 🇺🇸United States phenaproxima Massachusetts

    Crediting @b_sharpe for review/testing.

  • Status changed to Downport 6 months ago
  • 🇺🇸United States xjm

    Pulling default config out of Standard and into modules is a totally sensible and allowable minor-only change (since it only affects things at install time, not at runtime). This seems like the equivalent of that, so +1.

    To review this, I actually put two copies of the MR side-by-side to make sure all the permissions were the same and whatnot. I see that the most basic system permissions are assigned to the roles themselves, and then anything associated with various uninstallable modules is still part of the Standard recipe. Makes sense, and seems correct especially after reading the above discussion.

    Committed to 11.x. As a minor-only kind of change, the target version for this is probably 11.1. However, I notice the issue was filed against 11.0.x; was that intentional or just an accident because the issue selector sorts 11.x below it?

    11.0.x is in beta and 10.3.x is in RC and days from release. 10.4.x is a maintenance minor, so only gets minimal things like dependency updates, security fixes, and APIs additions related to deprecations that make it impossible for contrib to support D10 and D11 simultaneously. However, recipes has kind of a weird status, so I am going to discuss backportability with the other release managers.

    Would it negatively affect Starshot if this were not backported? Keeping in mind that installer changes and the like for Starshot wouldn't exist before 11.1.0 anyway.

    Setting PTBP and tagging for RM review to discuss the backport thing.

    Thanks everyone!

    • xjm committed 8969fdb9 on 11.x
      Issue #3454605 by thejimbirch, pooja_sharma, phenaproxima, the_g_bomb,...
  • 🇺🇸United States phenaproxima Massachusetts

    Would it negatively affect Starshot if this were not backported?

    Speaking only for the prototype: Starshot has worked around, and probably could continue to work around, the fact that the roles aren't (yet) composable in 10.x, but it would be better if they were. So I'm personally hoping this does get backported.

  • 🇺🇸United States xjm

    Discussed with @catch. Given the fact that this is a fairly harmless disruption to an API/config that has "internal/experimentalish" status, and given @phenaproxima's statement about the value to the initiative, we'll backport this all the way to 10.3. If there were more API surface or more disruption, or if it were less important, it would be 11.1 only. Thanks!

    • xjm committed 5157fe91 on 11.0.x
      Issue #3454605 by thejimbirch, pooja_sharma, phenaproxima, the_g_bomb,...
    • xjm committed 4424bc80 on 10.4.x
      Issue #3454605 by thejimbirch, pooja_sharma, phenaproxima, the_g_bomb,...
    • xjm committed df0fb9b8 on 10.3.x
      Issue #3454605 by thejimbirch, pooja_sharma, phenaproxima, the_g_bomb,...
  • Status changed to Fixed 6 months ago
  • 🇺🇸United States xjm

    Done. Thanks everyone!

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024