Create a new editor flow that does not involve wizards or custom pages

Created on 13 January 2025, 9 days ago

Problem/Motivation

The reason we have paths such as /group/{group}/content/add/{plugin_id} to add content to a group is because back when Group was developed for Drupal 8, there was no way to selectively hand out permissions. So we couldn't blanket grant someone permission to /node/add and then try to make it so they would only add nodes to their groups. A secondary problem was that we would need to know what Group entity they wanted to add the node to.

Fast-forward 7 years and we now have the Access Policy API in core, which means we can completely get rid of the awkward wizards at the path mentioned above. Instead, we can now hand out the "create page content" permission only when the user is inside a certain Group context. While they are in said context and visit node/add/page, they will have access and the form will be modified to contain the required GroupRelationship fields (if any) and upon save, the node will be added to the Group.

Group context you say? Well, the idea is that we create a tiny module called group_context_select that, just like group_context_domain, only contains a context provider to provide a Group the user selected. This could be via dropdown in the admin bar or other means if necessary.

Once you select a group, the Group module will hand out the corresponding permissions in the Drupal scope to allow you to use the regular UI as if you were creating a node inside the whole website. The benefit is that you could easily swap out group_context_select for group_context_domain or any other context provider and everything would still work.

Remaining tasks

  • Create a mapper so that Group permissions can be turned into Drupal permissions
  • Create a context provider where the user can select a Group, criteria TBD (e.g. must have edit access). Do this as a submodule called group_context_select
  • Create a setting in the core Group module that requires a context for this editorial flow to work. Defaults to "Group from URL", but recommended to be set to something else.
  • Create an access policy IN A NEW SCOPE, that maps your Group permissions to Drupal permissions when a group context is detected.
  • Decorate the AccessPolicyProcessor to merge this new scope with the Drupal scope. Reason for this is that we might otherwise make your regular Drupal permissions uncacheable due to too many variations.
  • Show a warning on forms when a user has global node add rights and is in a group context where they can't add nodes, telling them the node will be created outside of the group.

User interface changes

Many: all of the custom routes and wizards we have now will go away.

API changes

None

Data model changes

None

📌 Task
Status: Active
Version: 4.0
Component: Code
Created by: kristiaanvandeneynde (Antwerp, Belgium)
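
The permission flow proposed in the issue summary, modelled in plain PHP as an added example; it is not code from the Group module or Drupal core and does not use the Access Policy API itself. The permission map, function names, cache key format and sample accounts are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed map of Group permission => Drupal permission (names are assumptions).
const GROUP_TO_DRUPAL = [
  'create group_node:page entity' => 'create page content',
  'update any group_node:page entity' => 'edit any page content',
];

// Permissions for the new scope: nothing is handed out without a group context.
function groupScopePermissions(?string $groupId, array $groupPermissions): array {
  if ($groupId === NULL) {
    return [];
  }
  $mapped = [];
  foreach ($groupPermissions[$groupId] ?? [] as $permission) {
    if (array_key_exists($permission, GROUP_TO_DRUPAL)) {
      $mapped[] = GROUP_TO_DRUPAL[$permission];
    }
  }
  return $mapped;
}

// Merge the new scope with the Drupal scope and decide what the form should do.
function resolveAccess(array $drupalPermissions, array $groupPermissions, ?string $groupId, string $needed): array {
  $fromGroup = in_array($needed, groupScopePermissions($groupId, $groupPermissions), TRUE);
  $global = in_array($needed, $drupalPermissions, TRUE);
  return [
    'allowed' => $global || $fromGroup,
    // On save the node is related to the group only if the group granted access.
    'added_to_group' => $fromGroup ? $groupId : NULL,
    // Global rights inside a group that denies creation: node lands outside the group.
    'warn_outside_group' => $groupId !== NULL && $global && !$fromGroup,
    // The result differs per selected group, so cached results must vary on it.
    'cache_key' => 'group_context:' . ($groupId ?? 'none'),
  ];
}

// Constructed sample accounts: [Drupal-scope permissions, per-group Group permissions].
$editor = [[], ['g1' => ['create group_node:page entity'], 'g2' => []]];
$admin = [['create page content'], ['g2' => []]];

foreach ([['editor', $editor, 'g1'], ['editor', $editor, 'g2'], ['editor', $editor, NULL], ['admin', $admin, 'g2']] as [$name, $account, $group]) {
  $result = resolveAccess($account[0], $account[1], $group, 'create page content');
  echo $name, ' in ', $group ?? 'no group', ': ', json_encode($result), PHP_EOL;
}
```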
