Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By dawehner on
Change record status:
Published (View all published change records)
Project:
Introduced in branch:
8.x
Issue links:
Description:
Permissions are now defined in $module.permissions.yml file instead of using hook_permission().
Static permissions
Drupal 7
// in views. module file.
function views_permission() {
$permissions = array(
'access all views' => array(
'title' => t('Bypass views access control'),
'description' => t('Bypass access control when accessing views.'),
),
);
return $permissions;
}
Drupal 8
# In views.permissions.yml file.
access all views:
title: 'Bypass views access control'
description: 'Bypass access control when accessing views.'
restrict access: TRUE
Dynamic permissions
In https://www.drupal.org/node/2329485 , this mechanism was extended to support dynamic permissions.
Drupal 7
// In filter.module file.
function filter_permission() {
$perms['administer filters'] = array(
'title' => t('Administer text formats and filters'),
'restrict access' => TRUE,
);
// Generate permissions for each text format. Warn the administrator that any
// of them are potentially unsafe.
foreach (filter_formats() as $format) {
$permission = filter_permission_name($format);
if (!empty($permission)) {
// Only link to the text format configuration page if the user who is
// viewing this will have access to that page.
$format_name_replacement = user_access('administer filters') ? l($format->name, 'admin/config/content/formats/' . $format->format) : drupal_placeholder($format->name);
$perms[$permission] = array(
'title' => t("Use the !text_format text format", array('!text_format' => $format_name_replacement,)),
'description' => drupal_placeholder(t('Warning: This permission may have security implications depending on how the text format is configured.')),
);
}
}
return $perms;
}
Drupal 8
In Drupal 8, you can support dynamic permissions by referencing a function that will dynamically define those permissions. This callback defines the permissions for core's filter module.
// in filter.permissions.yml
permission_callbacks:
- Drupal\filter\FilterPermissions::permissions
// in FilterPermissions.php
class FilterPermissions {
public function permissions() {
$permissions = [];
// Generate permissions for each text format. Warn the administrator that any
// of them are potentially unsafe.
/** @var \Drupal\filter\FilterFormatInterface[] $formats */
$formats = $this->entityManager->getStorage('filter_format')->loadByProperties(['status' => TRUE]);
uasort($formats, 'Drupal\Core\Config\Entity\ConfigEntityBase::sort');
foreach ($formats as $format) {
if ($permission = $format->getPermissionName()) {
$permissions[$permission] = [
'title' => $this->t('Use the <a href="@url">@label</a> text format', ['@url' => $format->url(), '@label' => $format->label()]),
'description' => String::placeholder($this->t('Warning: This permission may have security implications depending on how the text format is configured.')),
];
}
}
return $permissions;
}
}
Impacts:
Module developers