Hi, I created a one-way relationship named "Fan". So users can be fans of other users. The one-way relationship works great, users are able to be fans and remove the relationship, but users are able to remove their fans.
Example,
User A is Fan of User B
User B is able to remove the one-way relationship of User A to them.
Is it normal? This should not be possible, or it should be possible to deny it from the settings in the admin interface when configuring the relationship type, with something like "Deny the non-owner of relationship to delete relationship".
Is it possible to do it?!?
Thanks in advance.
Comment | File | Size | Author |
---|---|---|---|
#10 | user_relationships_1245796_oneway_relationship_deletion_10.patch | 820 bytes | Simon Georges |
#5 | user_relationships-oneway_permissions-1245796-5.patch | 1.06 KB | grasmash |
Comments
Comment #1
Berdir
You are right that there should be a way to configure this. Not sure if this is a bug though.
We're redesigning the permissions in #1115998: Revamp core and UI permissions, which adds a permission for maintaining relationships (approve/decline). It probably won't cover this case correctly yet, but it could be a starting point. Certainly nothing will happen here before the linked issue is fixed, so please help there!
Comment #2
sw3b commented
Ok cool thanks!
Comment #3
sw3b commented
Could it be possible to add a permission that says "Delete follow relationships you to them" and "Delete follow relationships them to you", as an example? Maybe it's easier that way?!?
Thanks for your help, I would like to help with code but I'm not there in my skill... maybe the idea is an option.
Comment #4
grasmash commented
@sw3b I'll share with you the way that I addressed this.
Here's my rationale: any user who does not have 'administer relationships' permission should not be able to delete one-way relationships requested by other users. Such users should not be able to control the non-reciprocal relationships of other users in any situation.
Rather than adding a new permission to address this issue, I just added an extra conditional to user_relationships_ui_check_access() in user_relationships_ui.module.
Replace this (~line 177):
With:
Very simple change.
Comment #5
grasmash commented
Patch attached.
Comment #6
mrf commented
I think this is reasonable to include, and probably doesn't warrant a separate permission. If there is a future need for a separate permission it could be something along the lines of 'delete regardless of direction' leaving this as the default.
Patch looks good and works as expected.
Would love to see a 'ban' ability so that followed users aren't completely powerless here, but that's a task for another day.
Comment #7
sw3b commented
I agree with the BAN! Maybe post a feature...
Comment #8
Berdir
Hm, fine with me. Can we have a comment line above that check that states what it's actually doing? Something along the lines of:
Comment #9
MrQ commented
Is there a solution for D6?
EDIT:
Solved it. In user_relationships.tpl replaced this
with this
Comment #10
Simon Georges commented
Re-roll of the patch adding comment suggested by Berdir in #8, changing the patch to reflect the comment (by changing $relationship_type->requestee_id == $user->uid into $relationship_type->requester_id != $user->uid).
Please review.
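The rule discussed in #4 through #10, as an added stand-alone example that is not part of the thread and not the module's own code. The function name, the object layout and the is_oneway flag are assumptions; requester_id, requestee_id and the 'administer relationships' string are the names used in the comments above. It goes slightly beyond the patch by also denying users who are not a party to the relationship at all.

```php
<?php
// Illustrative model of the deletion check; NOT the user_relationships module code.
// Assumed for this sketch: function name, object shapes, the is_oneway flag.

/**
 * Decide whether $account may delete $relationship of the given $type.
 */
function example_can_delete_relationship(stdClass $account, stdClass $relationship, stdClass $type): bool {
  // Administrators may delete any relationship.
  if (in_array('administer relationships', $account->permissions, true)) {
    return true;
  }
  $uid = (int) $account->uid;
  $is_requester = $uid === (int) $relationship->requester_id;
  $is_requestee = $uid === (int) $relationship->requestee_id;
  // Deny by default: users who are not a party never get access.
  if (!$is_requester && !$is_requestee) {
    return false;
  }
  // One-way relationship: only the requester (the "fan") owns it, so the
  // check is "requester_id != uid => deny", as in the re-rolled patch.
  if ($type->is_oneway && !$is_requester) {
    return false;
  }
  // Two-way relationship: either party may remove it.
  return true;
}

// Constructed sample data: user 1 (A) is a Fan of user 2 (B).
$fan    = (object) ['name' => 'Fan', 'is_oneway' => true];
$friend = (object) ['name' => 'Friend', 'is_oneway' => false];
$rel    = (object) ['requester_id' => 1, 'requestee_id' => 2];

$cases = [
  ['A, requester',      (object) ['uid' => 1, 'permissions' => []], $fan],
  ['B, requestee',      (object) ['uid' => 2, 'permissions' => []], $fan],
  ['B, two-way type',   (object) ['uid' => 2, 'permissions' => []], $friend],
  ['C, unrelated user', (object) ['uid' => 3, 'permissions' => []], $fan],
  ['Admin',             (object) ['uid' => 9, 'permissions' => ['administer relationships']], $fan],
];

// Print the decision matrix so each role's outcome can be checked at a glance.
foreach ($cases as [$label, $account, $type]) {
  $verdict = example_can_delete_relationship($account, $rel, $type) ? 'allow' : 'deny';
  printf("%-20s %-7s %s\n", $label, $type->name, $verdict);
}
```

The same matrix works as a regression checklist when testing the patched module by hand: log in as each role and confirm the remove link is only offered where the sketch allows it.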
Comment #11
Berdir
Committed.
Comment #13
kerby70 commented