- Issue created by @trackleft2
As of Drupal 9.3, core validates permissions during configuration import and installation. If a permission references a module that is not yet enabled—or if its dependencies are not satisfied—it is considered invalid and removed from the role configuration.
This causes problems for install profiles and distributions that define user roles with permissions from modules expected to be enabled later. These permissions are stripped during install, even if the modules are enabled in the same batch or later in the process.
See [#3193348]
Add optional support in the config_provider
plugin system to "patch" roles with valid permissions after all modules are installed.
supports_permission_patching
(default FALSE
).user.permissions
service to get all defined permissions.user.role.*
) in the active config storage.dependencies
key for affected role configs.supports_permission_patching
to the plugin annotation class and document it.ConfigProviderBase
or a helper trait.None.
supports_permission_patching
None.
Config Provider plugins can now opt in to patching user role permissions after module install. This allows install profiles and distributions to safely define roles with permissions from modules that may not be installed at the time the role is created. Enable this feature by setting supports_permission_patching = TRUE
in your config provider plugin annotation.
Active
3.0
Code