- Issue created by @m.stenta
- πΊπΈUnited States m.stenta
refactor
simple_oauthto use access policies instead ofRoleStorage::isPermissionInRoles()The maintainers of
simple_oauthmay already be thinking ahead to using access policies, so we should coordinate with them to see if there are any plans developing already. We may also have to live with a patch or override for a bit, if they need to support Drupal 10.2 or earlier (before access policies were implemented).Maybe the first place to look is
\Drupal\simple_oauth\Authentication\TokenAuthUser::hasPermission(), which ultimately delegates down to\Drupal\simple_oauth\Oauth2ScopeProvider::scopeHasPermission(), which is where the module is currently checkingRoleStorage::isPermissionInRoles(). - πΊπΈUnited States m.stenta
However, in the process of testing ahead of the farmOS 3.3.0 release (which include these updates), we discovered that managed role permissions were not being applied in OAuth2 API requests
We also need to add some basic tests of the farmOS API using OAuth2. Our current tests did not catch this issue. This would be a good time to add those tests.
- πΊπΈUnited States m.stenta
For what it's worth, I also opened a core issue suggesting that
RoleStorage::isPermissionInRoles()be deprecated: π Deprecate RoleStorage::isPermissionInRoles() Active - Status changed to Needs review
5 months ago 9:46pm 7 February 2025 - πΊπΈUnited States paul121 Spokane, WA
I've opened a PR on Github implementing these changes: https://github.com/farmOS/farmOS/pull/922
- πΊπΈUnited States m.stenta
2. refactor
simple_oauthto use access policies instead ofRoleStorage::isPermissionInRoles()It sounds like this might be underway in π 6.0 is missing cache context + access policy support Active .