Problem/Motivation
- An authorized user having no permissions to access any cloud service providers can reach the resource pages via the dropdown menu: “Cloud service providers” → “All” → “AWS resources”
- Then, the “Refresh” button shows up.
- This “Refresh” button shouldn’t show as the user has no permission to access any cloud service providers.
- When hitting the “Refresh” button, some success message shows up and no resources show.
Issue fork cloud-3292036
Comments
Comment #3
baldwinlouie commented:
@yas, pull request for this functionality is here. I added a new access checking method called checkAccessForUpdateAll in CloudConfigController. It is generic and can be used for the other cloud service provider modules too.
The new access checking method is defined like such:
The option entity_type is required. I need it to do the permission checking. I can't find a way to derive that from the Route object passed to checkAccessForUpdateAll(). If entity_type is not passed, the route will return AccessResult::neutral and the button will not show.
The cloud_config_bundle is optional. If it isn't provided, the cloud_config_bundle is derived from the entity_type.
The method takes care of checking edit any/edit own entity_type access. If desired, an option perm string can be passed. Those additional permissions are checked as well.
Comment #4
yas commented:
@baldwinlouie
I posted my comments. Could you please check them? Thanks!
Comment #5
baldwinlouie commented:
@yas, I've incorporated your coding suggestions.
Comment #6
yas commented:
@baldwinlouie
Thank you for the update. It looks good to me now. I'll merge the patch to 4.x and 5.x, and close this issue as Fixed.
Comment #7
baldwinlouie commented:
@yas, I updated this patch slightly. In preparation for adding this check to K8s routes, I needed to support one edge case. For K8s Nodes there is no such thing as edit any/own K8s node.
In that case, I added a new option called bypass_any_own_check to the permission checking. This lets us bypass the standard edit/any/own checking, and just check to see if the user can 1) view the particular cloud service provider, and 2) view k8s node permission only.
Comment #8
kumikoono at DOCOMO Innovations, Inc. commented:
@baldwin Thanks for providing this patch. This looks good to me.
Comment #9
yas commented:
@kumikoono
Thank you for your review.
@baldwinlouie
It looks good to me, too. I'll merge the patch to 4.x and 5.x, and close this issue as Fixed.
Comment #10
yas commented:
@baldwinlouie
Could you please rebase the patch? Thanks!
Comment #11
baldwinlouie commented:
@yas, rebased the patch.
Comment #12
yas commented:
@baldwinlouie
Thank you for rebasing. I'll merge the patch to 4.x and 5.x, and close this issue as Fixed.
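A plain-PHP model of the decision logic described in comments #3 and #7, added here as an illustration; it is not the cloud module's code or the patch discussed in this issue. The permission strings, the k8s_pod entity type, the bundle derivation, applying the provider check in both modes, and passing view k8s node through perm are all assumptions.

```php
<?php
// Added illustration: a plain-PHP model of the check from comments #3 and #7.
// Not the cloud module's code; permission strings and bundle derivation are assumed.
const ALLOWED = 'allowed';
const NEUTRAL = 'neutral'; // Stands in for AccessResult::neutral: button not shown.

function checkAccessForUpdateAllModel(array $options, array $userPerms): string {
  $has = fn(string $p): bool => in_array($p, $userPerms, true);
  // entity_type is required; without it the check fails closed.
  $entityType = $options['entity_type'] ?? '';
  if ($entityType === '') {
    return NEUTRAL;
  }
  // cloud_config_bundle is optional. Assumed derivation: prefix before the first "_".
  $bundle = $options['cloud_config_bundle'] ?? explode('_', $entityType)[0];
  // Assumed permission name for viewing a cloud service provider of this bundle.
  if (!$has("view $bundle provider")) {
    return NEUTRAL;
  }
  // Standard edit any / edit own check, skipped when bypass_any_own_check is set.
  if (empty($options['bypass_any_own_check'])
      && !$has("edit any $entityType") && !$has("edit own $entityType")) {
    return NEUTRAL;
  }
  // Optional extra permissions (perm): every one of them must be held.
  foreach ((array) ($options['perm'] ?? []) as $perm) {
    if (!$has($perm)) {
      return NEUTRAL;
    }
  }
  return ALLOWED;
}

// Constructed cases: [route options, permissions the user holds].
$node = ['entity_type' => 'k8s_node', 'bypass_any_own_check' => TRUE, 'perm' => 'view k8s node'];
$cases = [
  'no entity_type'      => [[], ['view k8s provider']],
  'no provider access'  => [['entity_type' => 'k8s_pod'], ['edit any k8s_pod']],
  'edit own'            => [['entity_type' => 'k8s_pod'], ['view k8s provider', 'edit own k8s_pod']],
  'bypass without perm' => [$node, ['view k8s provider']],
  'bypass with perm'    => [$node, ['view k8s provider', 'view k8s node']],
];
foreach ($cases as $name => [$options, $perms]) {
  printf("%-20s %s\n", $name, checkAccessForUpdateAllModel($options, $perms));
}
```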