- last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago run-tests.sh exception - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,111 pass - last update
over 1 year ago 2,112 pass - last update
over 1 year ago 2,112 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,113 pass - last update
over 1 year ago 2,117 pass - last update
over 1 year ago 2,117 pass - last update
over 1 year ago 2,117 pass - last update
over 1 year ago 2,117 pass - last update
over 1 year ago 2,117 pass - last update
over 1 year ago 2,117 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago run-tests.sh exception - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago run-tests.sh exception - last update
over 1 year ago 2,121 pass 53:05 49:13 Running- last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago run-tests.sh exception - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago run-tests.sh exception - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,121 pass - last update
over 1 year ago 2,122 pass - last update
over 1 year ago 2,122 pass - last update
over 1 year ago 2,122 pass - Status changed to Needs work
over 1 year ago 4:18pm 28 August 2023 - πΈπ°Slovakia poker10
Thanks @genellann, but there is no need to reupload patches just because the filename is not according to the conventions.
---------
Thanks everyone for working on the D7 patch! I tried to go through the whole issue and relevant comments, but I am sorry if I have missed something.
There is one scenario, where two concrete steps worries me and that is (see steps 3 and 5):
- Install clean D7, create a separate non-admin user and a role with
administer users
permission - Assign the role with the permission to the newly created non-admin user - the user now can access both
admin/config/people/accounts
andadmin/people
(this is OK) - Enable the
Separate administer account settings permission
checkbox - the user suddenly cannot accessadmin/config/people/accounts
. What was the reason to remove the update hook? I think if we want to be 100% safe, we should grant the new permission to all roles which haveadminister users
once that checkbox is enabled - Grant the new
administer account settings
permission to the role - user now can accessadmin/config/people/accounts
again - And then disable the checkbox
Separate administer account settings permission
(this is OK)
The step 5 is the most problematic I think. Because when you uncheck that checkbox, the permission is still granted to the role, despite the fact that it is not displayed on
admin/people/permissions
anymore. I am not a great fan of such leftovers in database, as these can cause subsequent issues. For example, after the admin uncheck that checkbox, thisuser_access('administer account settings', $non_admin_account)
will still return TRUE, even the permission does not exists anymore. This can cause issues in custom code/contrib modules, etc.
Just to summarize, I think the most safe approach will be to grant the permission to all roles having
administer users
once enabled (not entirely sure why this was removed) and once disabled, we need to remove the permission from all roles. We should also update the tests to check this process.Also found a minor nitpick (see the extra whitespace):
+ $GLOBALS['conf'] ['user_enable_separate_account_settings'] = $form_state['values']['user_enable_separate_account_settings'];
---------
According to the backport policy, this D7 part should be split to the separate issue. I am not going to do it yet, because the patch seems to be mostly ready. Let's see if there will be any response/activity after my review and we will see what next. In case we will need more discussion or patch iterations to update it, we can split it to not cause additional noise here. Thanks!
- Install clean D7, create a separate non-admin user and a role with
- πΈπ°Slovakia poker10
Just to clarify this a bit, when speaking about "What was the reason to remove the update hook?", I meant the process of granting the new permission to all users. I know that the update hook was not suitable after the patch was changed to opt-in, but the logic could be moved to the submit handler, not removed.