Constraint violations are not triggered for Roles on a user's account form [#3055319]

Problem/Motivation

Im trying to deny certain combination of user roles while creating or editing a user.

For this purpose I created a Constraint that should check whether the entered combination of roles is allowed. After implementing this, I experienced that the ConstraintValidator is executed, but the violation is not honoured by the underlying routines.

Steps to reproduce

To verify that my Contraint implemantation is correct, I added the same Constraint to the name and mail field in the same form. On this fields the Constraint works as expected. Im not sure whether I missed something, but my implementation seems to be correct as it's working on the other fields.

---- htdocs/modules/my_module/src/Plugin/Validation/Constraint/UserRolesConstraint.php ----
<?php

namespace Drupal\my_module\Plugin\Validation\Constraint;

use Symfony\Component\Validator\Constraint;

/**
 * Class UserRolesConstraint
 *
 * @Constraint(
 *   id = "UserRoles",
 *   label = @Translation("User roles restrictions",context = "Validation")
 * )
 *
 */
class UserRolesConstraint extends Constraint{
  public $ClientMustHaveOnlyOneGroup = 'Invalid roles selection.';
}

---- htdocs/modules/my_module/src/Plugin/Validation/Constraint/UserRolesConstraintValidator.php ----
<?php

namespace Drupal\my_module\Plugin\Validation\Constraint;

use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;

/**
 * Class UserGroupConstraintValidator
 *
 * @package Drupal\my_module\Plugin\Validation\Constraint
 */
class UserRolesConstraintValidator extends ConstraintValidator {

    /**
   * @inheritdoc
   */
  public function validate($value, Constraint $constraint) {
    $this->context->addViolation( $constraint->ClientMustHaveOnlyOneGroup);
  }
}

---- htdocs/modules/my_module/my_module.module ----
/**
 * Implements hook_entity_base_field_info_alter().
 */
function my_module_entity_base_field_info_alter(&$fields, EntityTypeInterface $entityType) {
  if ($entityType->id() == 'user') {
    $fields['roles']->addConstraint('UserRoles');
    $fields['name']->addConstraint('UserRoles');
    $fields['mail']->addConstraint('UserRoles');
  }
}

Attached is a screen shot of the result, I would have expected the the 'Roles' were marked as error as well.

Proposed resolution

Trigger Constraint violations for Roles on a user's account form

Remaining tasks

Write a merge request
Review
Commit

User interface changes

Errors are now shown when there are constraint violations that apply to the assigned roles for a user.

Introduced terminology

None

API changes

None

Data model changes

None

Release notes snippet

None

Comment	File	Size	Author
#18	3055319-nr-bot.txt	91 bytes	needs-review-queue-bot
	Bildschirmfoto vom 2019-05-17 08-05-24.png	49.39 KB	mmbk

Issue fork drupal-3055319

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

1 hidden branch

3055319-roles-constraint-violations

changes, plain diff MR !11317

Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

17 May 2019 at 06:08

mmbk created an issue. See original summary.

Comment #2

17 May 2019 at 06:08

Version:

8.8.x-dev

» 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Comment #3

17 May 2019 at 06:08

Version:

8.9.x-dev

» 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Comment #4

17 May 2019 at 06:08

Version:

9.1.x-dev

» 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Comment #5

17 May 2019 at 06:08

Version:

9.2.x-dev

» 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Comment #6

17 May 2019 at 06:08

Version:

9.3.x-dev

» 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Comment #7

cilefen commented 17 January 2022 at 01:01

Status:

Active

» Closed (outdated)

I am closing this support request because there have been no recent comments.

The Drupal Core issue queue is not the ideal place for support requests. Consider other sources of support.

Comment #8

abelass

French

Barcelona

commented 18 March 2022 at 14:51

I have the same issue

Comment #9

idebr commented 27 February 2025 at 13:08

Title:	Field 'roles' in user's 'edit-form' cannot be validatet with a constraint.	» Constraint violations are not triggered for Roles' on a user's account form
Version:	9.4.x-dev	» 11.x-dev
Category:	Support request	» Bug report
Status:	Closed (outdated)	» Active

Confirmed the issue still occurs in 11.x

Comment #10

27 February 2025 at 13:47

idebr opened merge request !11317

Comment #11

idebr commented 27 February 2025 at 13:49

Title:	Constraint violations are not triggered for Roles' on a user's account form	» Constraint violations are not triggered for Roles on a user's account form
Status:	Active	» Needs review

The merge request adds 'roles' to AccountForm getEditedFieldNames() and flagViolations(), so Constraint violations are properly displayed as form errors.

Comment #12

smustgrave commented 1 March 2025 at 22:06

Status:	Needs review	» Needs work
Issue tags:		+Needs issue summary update

Thank you for starting this with test coverage!

Issue summary appears to be missing sections, would recommend adding back specifically steps and proposed solution. Other sections can be NA if it doesn't apply

Comment #13

idebr commented 4 March 2025 at 12:40

Issue summary:	View changes
Status:	Needs work	» Needs review
Issue tags:	-Needs issue summary update

The issue summary is updated with the issue summary template headings.

Comment #14

eelkeblok

he/him

Dutch

Netherlands 🇳🇱

commented 4 March 2025 at 12:48

Issue summary:	View changes
Status:	Needs review	» Reviewed & tested by the community

We applied this in our project and it does the job. Seems good to go to me.

Comment #15

catch

he/him

English

commented 10 April 2025 at 12:09

Status:

Reviewed & tested by the community

» Needs work

One comment on the test coverage.

Comment #16

idebr commented 10 April 2025 at 12:22

Status:

Needs work

» Needs review

\Drupal:state() is now replaced with \Drupal::keyvalue('user_form_test') in the test coverage

Comment #17

smustgrave commented 10 April 2025 at 14:05

Status:

Needs review

» Reviewed & tested by the community

Feedback appears to be addressed.

Comment #18

needs-review-queue-bot commented 15 April 2025 at 22:38

Status:

Reviewed & tested by the community

» Needs work

Status	File	Size
new	3055319-nr-bot.txt	91 bytes

The Needs Review Queue Bot tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

Comment #19

idebr commented 22 April 2025 at 14:42

Status:

Needs work

» Needs review

Updated merge request after #3493122: Users are able to block themselves from Drupal was committed

Comment #20

smustgrave commented 5 May 2025 at 17:36

Status:

Needs review

» Reviewed & tested by the community

Restoring previous status.

Comment #21

quietone commented 1 June 2025 at 06:55

I didn't find any unanswered questions or other work to do. I updated credit.

Leaving at RTBC.

Comment #22

30 June 2025 at 05:38

larowlan committed 84c6219a on 11.2.x

Issue #3055319 by idebr, mmbk, cilefen, quietone, catch: Constraint...

Comment #23

30 June 2025 at 05:38

larowlan committed 33da06fd on 11.x

Issue #3055319 by idebr, mmbk, cilefen, quietone, catch: Constraint...

Comment #24

larowlan

🇦🇺🏝.au GMT+10

commented 30 June 2025 at 05:39

Version:	11.x-dev	» 11.2.x-dev
Status:	Reviewed & tested by the community	» Fixed

Committed to 11.x and backported to 11.2.x

Nice find folks, really clean fix too

Comment #25

30 June 2025 at 05:39

larowlan closed merge request !11317

Comment #26

14 July 2025 at 05:44

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.