Problem/Motivation
content_translation_view_access()
is invoked as an implementation of hook_ENTITY_TYPE_access()
, but it is not an implementation of this hook.
Proposed resolution
Rename the function. However, there are other functions that have a name in the same format, such as content_translation_add_access()
.
Remaining tasks
- simplify tests/add tests https://drupal.org/contributor-tasks/write-tests
User interface changes
None.
API changes
Function renames, but no functional changes.
Issues blocked by this one:
Comment | File | Size | Author |
---|---|---|---|
#28 | drupal_2200333_28.patch | 5.12 KB | Xano |
Comments
Comment #1
XanoComment #2
XanoThis issue blocks #2200229: Use entity access for Views UI routes.
Comment #4
XanoComment #5
xjmCould we make these names a bit less ambiguous? I'd say
hasFooAccess()
if they were method names.Edit: Or maybe
content_translation_check_foo_access()
?Comment #6
Gábor Hojtsycheck...access is fine. I don't have a strong opinion either way. The current patch is equally fine with me.
Comment #7
XanoUpdated as per #5. For those who wonder why the tests never caught this problem, the answer is that core never uses entity access for views'
view
operation, or at least no code that is executed during tests does. #2200229: Use entity access for Views UI routes will fix that.Comment #8
XanoBumping to major for xjm.
Comment #9
xjmha. :P I'm not sure it's actually major, but it sure is weird.
Let's add explicit test coverage for this as well as the implicit coverage coming in #2200229: Use entity access for Views UI routes.
Comment #10
XanoThis is what I've come up with so far, but I am a little stuck as to how to test this properly. There are four variables that influence how view access is determined, for instance, and writing tests that covers all possible permutations is going to be a hell of a lot of work with all the expectations that will need to be configured.
Any ideas?
Comment #11
YesCT CreditAttribution: YesCT commentedadding link to doc about tests for someone that wants to pick this up.
--
needs review to trigger testbot.
it is still needs work for test coverage.
Comment #13
YesCT CreditAttribution: YesCT commentedXano and I talked about this.
Xano is going to post a little bit more to make clear what needs to be done.
Comment #14
Gábor HojtsySo you could maybe write a test for this with invoking the view access and then expecting an exception? Or would that entirely fail? Without the fix that would fail. Looks like the problem overall is this is never invoked in core. ?!
Comment #15
XanoRe-roll.
Well, the functions must at the very least be renamed to prevent this collission. The reason nobody noticed this before, is that no code ever used entity access for Views, which is what invokes hook_ENTITY_TYPE_access(). See #2200229: Use entity access for Views UI routes for this.
Comment #16
XanoFor the record, and this is what I talked to @webchick and @YesCT about last night, this patch requires MUCH more work, because the test methods are complex and can be executed following many different scenarios. I have absolutely no interest in adding test coverage for this code, and I'd like this to be simply renamed, so I can move along and fix #2200229: Use entity access for Views UI routes, and integrate everything other access control and entity operations issues.
I understand the desire for test coverage, but I will not add it, so unless someone else steps up and provides full coverage (half coverage is no coverage), the request for tests blocks more important issues while the actual problem can be fixed easily.
Comment #17
plachThe current issue is blocking a ton of other more important work, so I don't think it's worth to hold that up just to provide additional coverage, which I completely agree is badly needed. The patch in #1 is ok and it's pretty obvious that it won't introduce any regression as it's just renaming a bunch of functions that may even be deprecated after #2155787: Introduce more flexible access control for content translation operations. The only risk we have here is we are introducing other name clashes, but I guess @xano already properly checked this is not the case :)
Since we are in the middle of a big sprint, I suggest to file a major follow-up to add test-coverage for these (semi-unused) API functions and let @xano go on with the stuff he's working on. If none will show up to work on that I'll do it myself prior to the first D8 stable release, I promise.
Comment #18
Xano@plach and I talked this through and he, as the Content Translation maintainer, agrees that renaming the functions does not cause a regression and allows more pressing issues to be fixed. We also agreed on creating a follow-up to add the test coverage and possibly refactor the code, which I posted at #2227307: Add test coverage for the content_translation_access_*() methods.
The attached patch is a re-roll of #1, and simply changes the function names to prevent any hook collisions.
Comment #19
plachTentatively marking RTBC to get feedback from committers, please see #17-#18.
Comment #20
plachComment #21
alexpottWhy do we have these unused and untested functions anyway?
If we do need to provide them then they should be tested. And this issue should add that test coverage.
Comment #22
XanoAre we seriously blocking progress on other more pressing access control issues, just because these functions were poorly designed and untested to begin with? The patch only fixes a problem. It doesn’t cause a regression.
Comment #23
XanoThis patch removes all unused functions and moves the only used function to its caller, which has extensive coverage through
\Drupal\content_translation\Tests\ContentTranslationUITest
,\Drupal\content_translation\Tests\ContentTranslationWorkflowsTest
, and\Drupal\content_translation\Tests\ContentTranslationSyncImageTest
.Comment #25
XanoComment #26
plach@Xano told me @alexpott is fine with removing the unused functions and merge the offending one directly in the caller. The failures in #23 show that this change is extensively covered so I think we should be good now.
Let's try again :)
Comment #27
alexpottComment #28
XanoRe-roll.
Comment #29
XanoRTBC if the tests pass.
Comment #30
alexpottCommitted b3df95c and pushed to 8.x. Thanks!
Comment #32
Gábor HojtsySuperb, thanks!