Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
When workflow is exported or packaged in a feature, it uses role ids to save permissions.
The problem is that roles can also be exported in a feature and will probably have different ids after being reimported.
This can lead to security problems because all permissions are mixed.
If the file workflow.features.inc around line 128 we can read a warning about this issue.
Features module come with some builtin functions and Drupal API provide a user_role_load_by_name function which could allow to use role names instead of rids.
Regards.
Comments
Comment #1
Bastlynn CreditAttribution: Bastlynn commentedThis has been addressed in the latest update on #558378: Make workflows exportable with Features (D6) and has been committed to dev. Thanks :)
Comment #2
DuaelFrNo, thank YOU ! :)
Comment #3
kenorb CreditAttribution: kenorb commentedI'm not sure if that ticket solved the problem completely.
Currently the export looks like:
There are lots of numbers hardcoded such as tid, sid, target_sid, roles, wid. Is there any better way of handling it? E.g. via UUID?
Comment #4
kenorb CreditAttribution: kenorb commentedComment #5
johnvComment #6
johnvPlease do not open a 3-year old issue.
As far for the ID's in the export: the export is a default CTOOLS/Features export. It contains numeric ID's, but they are all accompanied with machine names. Upon importing (using the Workflow class), the machine names are considered, not the numeric ID's.
Regarding Role Id's, there is a separate issue for Roles in translated sites.
Comment #7
johnv@kenorb, I also do not understand the precise problem you have. If needed, please open a new issue with specific test case.
Comment #8
DuaelFrQuick tip for people having issues with RIDs : use the Role Export module.