Problem/Motivation
#2571235: [regression] Roles should depend on objects that are building the granted permissions was just fixed, and should be included in Drupal 9.3.0.
When saving a user role, Drupal now issues a deprecation message if there are any invalid permissions (i.e., permissions not defined by an enabled module). In Drupal 10, we will throw an exception instead of creating a deprecation message.
Steps to reproduce
Proposed resolution
We should check for invalid permissions used.
We could reuse the 9.3.x code, but that is not available before Drupal 9.3 and we need to display results in the runtime environment summary where the best is to be brief and concise, so its best for us to format the message ourselves. (Also that leads to no side effects).
Remaining tasks
User interface changes
Environment check notes if there are invalid permissions or none.
API changes
None
Data model changes
None
Comment | File | Size | Author |
---|---|---|---|
#9 | 3223068.patch | 3.23 KB | Gábor Hojtsy |
#8 | 3223068.patch | 3.21 KB | Gábor Hojtsy |
#7 | 3223068.patch | 3.2 KB | Gábor Hojtsy |
#5 | 3223068.patch | 3.18 KB | Gábor Hojtsy |
#4 | 3223068.patch | 3.01 KB | Gábor Hojtsy |
Comments
Comment #2
Gábor HojtsyHm, should we run the core user role save and try to catch exceptions from there or just do a cross-check ourselves?
This seems to be enough to get a full list of all permissions available (assuming $container):
So we could use this to check against the list of permissions in roles. I fear there may be other side effects if we try to save roles. Eg. some sites may run a rules kind of rule or call out to third party systems, etc.
Comment #3
benjifisherThe deprecation notices are added in Drupal\user\Entity\Role::calculateDependencies() (current 9.3.x). That is called from
ConfigEntityBase::preSave()
. But it is a public method, so you can just callcalculateDependencies()
directly. Since that is designed to be called bypreSave()
, it should not do any saving itself.Comment #4
Gábor HojtsyThanks! That one triggering errors is also a side effect that I think we want to avoid.
I think this would look something like the attached.
Comment #5
Gábor HojtsyAdd role object to test.
Comment #6
Gábor HojtsyUpdated the issue summary. Note this bit especially.
Comment #7
Gábor HojtsyWrong variable name :D
Comment #8
Gábor HojtsyAaand the role name was wrong.
Comment #9
Gábor HojtsyIt is HTML encoded. Let's use
$this->assertSession()->pageTextContains()
which will decode it.Testbot driven development.
Comment #11
Gábor HojtsyYay!! Fixed a code comment on commit too.