Permissions checked in RoleWatchdogAccessControlHandler are not defined in role_watchdog.permissions.yml

Also, the "administer role watchdog entities" permission defined in the entity class is missing as well. May these routes be moved to /admin/people instead of /admin/structure ?

Thank you!

CommentFileSizeAuthor
#7 3153287-7.patch21.39 KBgaurav.kapoor

Comments

markus_petrux created an issue. See original summary.

markus_petrux’s picture

markus_petrux commented

Mmm... in fact, not sure if it makes sense to have permissions to view published/unpublished role watchdog entities or edit/delete them because these are managed automatically. Maybe only the "administer role watchdog entities" permission would be enough to control access to all the CRUD tasks on these entities?

gaurav.kapoor’s picture

gaurav.kapoor commented

@markus_petrux I am not able to understand any use case of having "administer role watchdog entities" permission as everything related entity is managed programmatically.

Also, I believe there are a lot of other redundant classes which we do not need.

markus_petrux’s picture

markus_petrux commented

Agree

It seems these entities are just use as a storage mechanism of the role changes activity. It makes little sense a permission to control access to view, create or edit these entities. But a mechanism to delete entries maybe?

The issue has been reported basically because the module does not defined permissions that it declares in the entity class definition of tries to use in the entity access handler, which makes the permission schema incomplete, at least.

gaurav.kapoor’s picture

gaurav.kapoor commented

@markus_petrux,
For deleting, I am already working on deleting the entries in case the user account has been deleted. Do you think we should also get rid of the following files:

1. RoleWatchdogDeleteForm.php
2. RoleWatchdogForm.php
3. RoleWatchdogAccessControlHandler.php
4. RoleWatchdogHtmlRouteProvider.php
5. RoleWatchdogListBuilder.php
6. RoleWatchdogTranslationHandler.php

Do you see any use case of keeping these files or any feature using these files?

markus_petrux’s picture

markus_petrux commented

I do not see the need to view, edit or create RoleWatchdog entities, but deleting might be needed, maybe in case a role change operation has been done by error and it is needed undo the change and remove the history?

Thank you!

gaurav.kapoor’s picture

gaurav.kapoor commented
Status: Active » Needs review
StatusFileSize
new 3153287-7.patch21.39 KB

I have added a view that can be used by administrators to view all the role watchdog entities as well as delete the history if needed.

gaurav.kapoor’s picture

gaurav.kapoor commented
Title: Cannot grant entity related permissions » Add UI to delete the role watchdog entities.
Version: 8.x-1.0-alpha3 » 8.x-1.x-dev

  • gaurav.kapoor authored f7cfdab on 8.x-1.x 
    Issue #3153287 by gaurav.kapoor: Add UI to delete the role watchdog...
gaurav.kapoor’s picture

gaurav.kapoor commented
Status: Needs review » Fixed

I have pushed it, for now, please create a new issue in case you find any bugs.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.