Child of #2323895: [Meta] Document format/content of various YML files (we have been discussing how to document *.yml files).
There is a mention of *.permissions.yml files on the topic
https://api.drupal.org/api/drupal/core!modules!system!core.api.php/group...
in the core/modules/system/core.api.php file.
However, there is no documentation about the syntax of the *.permissions.yml file.
We should add an example to that section. It should contain:
- machine name
- title
- description
- restrict access
And then after the example, say that description is optional, and say that if you set "restrict access" to true, it displays a warning on the Permissions page about site security.
Probably a good novice project?
Comment | File | Size | Author |
---|---|---|---|
#37 | permissions-doco-2390239.37.patch | 3.06 KB | eojthebrave |
#35 | interdiff.txt | 3.97 KB | larowlan |
#35 | permissions-doco-2390239.34.patch | 2.82 KB | larowlan |
#35 | interdiff.callbacks.txt | 1.25 KB | larowlan |
#29 | permissions-doco-2390239.switcheroo.patch | 2.38 KB | larowlan |
Comments
Comment #1
dawehnerAs we seem to need here is to add the documentation on core/modules/user/src/PermissionHandler and tag it somehow.
I kinda think that this is the right place to document it.
Comment #2
jhodgdon@dawehner - I am not understanding #1. Are you saying that we should not document the permissions.yml file in the topic, but somewhere else instead? We can do that but it seems to me that it belongs in the topic. Most peopel would not need to care about the PermissionHandler class, and we have not used that philosophy when documenting other YML files, such as the links.*.yml files.
Comment #3
dawehnerWell, sure, but it used to be the only sane place, given that previously this documentation used to be in hook_permission().
This issue, at lesat for me, is another example where a exmaple.permissions.yml would help.
Especially for people trying to find quick examples such a file is way more convenient that a defgroup somewhere.
At least from my point of view, not having to go to api.drupal.org is a good thing.
Comment #4
jhodgdonWe have about 30 examples of permissions.yml files in Core. I think most people wanting an example would go to system.permissions.yml, and they'd probably figure out what it does by looking at it. Still, we should have some documentation. I don't see a strong reason for adding a new example to Core.
If someone *does* go to api.drupal.org for Drupal 8 (which many people do use), they'll see the topic I linked to in the issue summary as the most likely place to look, so the necessary information about the yml file should either be there or be linked from there. I'm fine with it going into the PermissionHandler class if that is where it should go; either that or put it in the topic and make a link the other way. I prefer it being in the topic since I think it's only a few lines and will give people reading the topic the information they need without having to jump to another location.
Comment #5
alexpottSee #2323895-29: [Meta] Document format/content of various YML files
Comment #6
larowlantagging as a task for today's critical office hours, good novice one
Comment #7
apratt CreditAttribution: apratt commentedTackling this for the #SprintWeekend2015.
Comment #8
dawehner.
Comment #9
apratt CreditAttribution: apratt commentedIt is not clear whether I will need a patch to add the example to the PermissionHandler but that will be my next step and then it can be used or not.
Here is what I propose for adding to https://api.drupal.org/api/drupal/core!modules!system!core.api.php/group... It is not clear to me how that will happen.
Defining permissions
Modules define permissions via a $module.permissions.yml file. This file defines machine names, human-readable names, restrict access (if required for security warning) and optionally descriptions for each permission type. The machine names are the canonical way to refer to permissions for access checking.
Here is an example from the core filter module:
Some notes:
Comment #10
apratt CreditAttribution: apratt commentedI sorted out how this type of patch happens but it is my first try at something like this.
I added an example from the filter.permissions.yml to the core.api.php with some comments.
Then I tried to add a reference to the PermissionsHandler class which already has an example in it.
Comment #11
YesCT CreditAttribution: YesCT commenteddocumenting some things from our irc conversation.
I dont think a URL is always going to be associated.
"information" sounds more comprehensive. I think it is just a human readable name.
let's make each item in the list a sentence or a phrase, but dont mix the two kinds in the same list.
ah, I see this is the def group where the more detail is being added. ok.
Comment #12
apratt CreditAttribution: apratt commentedReformated to https://www.drupal.org/node/1354#lists standards for lists and corrected a typo.
Comment #14
eojthebraveLooking good. I've just got one comment.
I think this might be the wrong use of @defgroup. The topic is already defined in core.api.php in the same block of code that you edited above.
If you're trying to make it so that a link to PermissionHandler.php's docblock displays under the @defgroup topic I think you want to use @ingroup here.
You can find more on the use of @defgroup and @ingroup here: https://www.drupal.org/coding-standards/docs#defgroup
Also, you've got two "*" there, that should be just one for sure.
Comment #15
apratt CreditAttribution: apratt commentedThx for the feedback eojthebrave.
I was simply trying to make sure the PermissionHandler information was completed out by the information available in the core User_api documention. I initally simply used @see user_api and this may accomplish what I was trying to do.
Comment #16
apratt CreditAttribution: apratt commentedAnd that is what I get for creating the patch late at night. I actually removed the extra * in this one.
Comment #17
apratt CreditAttribution: apratt commentedComment #18
YesCT CreditAttribution: YesCT commentedlooking better!
https://www.drupal.org/node/1354#code
says
" Do not use a blank line between the text that explains the code sample and the code sample itself."
check the example there.
in core/modules/filter/filter.permissions.yml that description line is not wrapped.
Since this is a code snippit, dont wrap it. It is not wrapped in the code.
oops. a blank line in the the doc block.
Comment #19
YesCT CreditAttribution: YesCT commentedI'm not sure if this should be @ingroup or @see. But I know It should not have the "User accounts, ....roles" part.
See example in https://www.drupal.org/node/1354#defgroup
[edit:]
Since this doc block has information that duplicates that being added to the user_api defgroup, I think this would be better as an @see like you had it before.
Comment #20
dawehnerI still think, that you also want a examples.permissions.yml or similar, so you can just c&p an existing example and be done with it
Comment #21
apratt CreditAttribution: apratt commentedWhere would an examples.permissions.yml go in the file structure? Should I provide it as a seperate patch?
And does this make sense?
Comment #22
apratt CreditAttribution: apratt commentedThanks for the help YesCT. I have changed the spacing. And I have moved @ingroup to @see which I think was jhodgden's original intent.
Comment #23
apratt CreditAttribution: apratt commentedComment #24
YesCT CreditAttribution: YesCT commentedoops. Looks like some unrelated changes got in.
please make a new patch without those changes.
Comment #25
larowlanFixes #18, #19, #20
Hoping the presence of an example.permissions.yml doesn't show up anywhere.
Comment #26
apratt CreditAttribution: apratt commentedThanks for the patch cleanup larowlan. The inclusion of the example.permissions.yml in core/modules/system makes sense to me.
Comment #27
xjmThanks @apratt and @larowlan. As per #5, @alexpott, @catch, @effulgentsia, @webchick, and I agreed that this issue should be critical because of the security implications.
Comment #28
dawehnerI'd rather go with restrict access: false as this is the default, isn't it?
Comment #29
larowlanwhy not
Comment #30
dawehnerThank you
Comment #31
alexpottI don't think we should be creating this file. This will create problems for a custom or contrib module called
example
. Let's drop it from this patch and create a non critical follow up to think about where and which yml files we should have examples of.Comment #32
BerdirAgreed that adding a real example is strange, especially inside system.module? That would not actually conflict I think, but it is more confusing that helpful IMHO.
What if we just refer to an existing, real file as an example? filter.permissions.yml looks like a great example to me, just one permission, but almost everything covered, including restrict access and a permission callback.
Comment #33
BerdirWhich, by the way, is not documented here yet?
Comment #34
jhodgdonYeah, please do not create an example file. I think the example that is now in the core.api.php file is probably fine.
Other nitpicks from the latest patch:
a)
Needs comma before "and" here.
b)
Needs "is" in there? The rest of the bullets in this section are sentences. Also this doesn't actually explain where the machine name is in the code example. Maybe put comment lines in the sample, and add a note before it that comments have been added?
c)
I don't think "true" should be in quotes here, nor "restrict access"? Also I think there should be a comma before "a warning ...".
d) I thought that the conclusion of the discussion above was that we were *NOT* going to be adding full docs in core.api.php about this, but instead refer people to the existing docs in PermissionHandler. What happened to that? Let's just do that. Just say something like:
Modules define permissions in a *.permissions.yml file. See \Whatever\The\Namespace\is\PermissionHandler for documentation of permissions.yml files.
Comment #35
larowlanFixes #31 through #34
interdiff.callbacks.txt contains just the new hunks relating to callbacks.
Comment #36
andypostLooks good, just think about dynamic permissions which are briefly described OTOH they are special case.
PS: patch needs to check grammar
Comment #37
eojthebraveI moved the "some notes" content that was below the code sample to be inline comments in the code sample. I think this is easier to read, and easier to relate the note the the key in question.
Comment #38
andypostGreat!
Comment #39
alexpottThis issue addresses a critical bug and is allowed per https://www.drupal.org/core/beta-changes. Committed 165cd55 and pushed to 8.0.x. Thanks!
Comment #41
jhodgdonGreat job everyone, thanks!