Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Updated: Comment #N
Problem/Motivation
#2105557: Add an admin_permission to EntityType annotations to provide simple default access handling added the very useful admin_permission annotation property. This removes the need for an access controller in most cases, and still simplifies the ones that exist.
However, it is not fully used yet, which is confusing for contrib module authors, especially since the access controller is optional. It will happily deny you access, even as uid 1.
Proposed resolution
Ensure that all config entities with list controllers have a permission defined.
Remaining tasks
N/A
User interface changes
N/A
API changes
N/A
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | config-admin-perm-2172973-1.patch | 6.98 KB | tim.plunkett |
Comments
Comment #1
tim.plunkettComment #2
larowlanI think whilst this makes us more consistent, not sure it helps with the 'whoops I forgot to add admin_permission' perhaps we should add a watchdog notice before returning null in checkAccess?
otherwise rtbc
Comment #3
tim.plunkettHmm, access() is called a lot. Though I guess it doesn't fall through to the NULL part of checkAccess that often...
Putting a watchdog call in EntityAccessController feels a bit wrong though.
Comment #4
larowlanSounds like a good use case for #2165549: Reduce number of password hashing iterations in all tests to improve test performance
Comment #5
larowlanmeh thats not the issue, there's an issue about having a dev env.
Comment #6
alexpottCommitted 723e5ea and pushed to 8.x. Thanks!