Permissions may be provided by multiple modules leading to invalid role configuration

Created on 21 January 2025, 6 months ago

Problem/Motivation

The concrete problem I faced is with the Auto Entitylabel module. It provides a permission for each entity type. I had a role with such a permission and then proceeded to uninstall the module providing the respective entity type. Because the permission's provider is Auto Entitylabel and not the module I uninstalled, the permission was not removed by the uninstallation but it still became invalid and Drupal rightly started to complain about that. I originally wanted to open a bug report with the Auto Entitylabel module to change the provider of the permission to the respective entity type's provider, but then I realized that that's not valid either as that would make the permissions stick around if Auto Entitylabel itself is uninstalled.

In general, it seems permissions can depend on the existence of multiple modules, but the single provider does not account for that.

Steps to reproduce

  1. Install Auto Entitylabel
  2. Grant a role permission to administer e.g. node type labels
  3. Uninstall Node module

Expected behavior: The permission got removed from the role.

Actual behavior: The permission sticks around even though it is now invalid.

Proposed resolution

Maybe it's feasible to just support the provider of a permission being an array of module names. That would be a fairly uninvasive change and would not require any changes for modules defining permissions that just depend on a single module.

Remaining tasks

User interface changes

-

Introduced terminology

API changes

Data model changes

Release notes snippet

🐛 Bug report
Status

Active

Version

11.1 🔥

Component

user system

Created by

🇩🇪Germany tstoeckler Essen, Germany

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024