- Issue created by @lpeidro
- Merge request !12804Draft: Issue #3537215: Removing cache context user.roles, previously set user.permissions → (Open) created by lpeidro
In the Comment Default Formarter of the Comments module, the cache context user.roles is being added when the logic is related to permissions https://git.drupalcode.org/project/drupal/-/blob/11.x/core/modules/comme....
According to Drupal's caching best practices, when rendering depends on permissions, the appropriate cache context should be user.permissions instead of user.roles.
The documentation for user.roles explicitly states that using user.permissions is preferred for any functionality that checks permissions rather than roles https://git.drupalcode.org/project/drupal/-/blob/11.x/core/lib/Drupal/Co.... In this case, after setting the user.roles cache context, the code proceeds to check a specific permission. This creates an inconsistency and may lead to incorrect cache variations.
Impact:
Increases cache fragmentation unnecessarily (since roles vary more than permissions).
May cause incorrect or stale content for users if roles change without affecting permissions.
Introduces performance overhead because of excessive cache contexts.
Remove the user.roles cache context from the Default Formatter code.
Confirm that user.permissions is already present, as this accurately reflects the dependency on permission checks.
None. This change affects internal caching logic only.
None. This is an internal implementation detail change.
None.
Active
11.0 🔥
comment.module