Since updating from 7x-3.2 to 7x-3.3 I'm getting "Skipped XXXX due to insufficient permissions." for vbo actions using the 'Pass ids as arguments to a page' action. I made a comment on another issue which is probably due to the same change)

Having looked at the changes between 3.2 and 3.3 I've found it's caused by a change to the code in ViewsBulkOperationsAction::getAccessMask() in plugins/operation_types/action.class.php.

In 3.2 it was:

    // Assume edit by default.
    if (!isset($this->operationInfo['behavior'])) {
      $this->operationInfo['behavior'] = array('changes_property');
    }

And in 3.3 it changed to:

    // Assume edit by default.
    if (empty($this->operationInfo['behavior'])) {
      $this->operationInfo['behavior'] = array('changes_property');
    }

So where before if an action had an empty array set for 'behavior' it now sets it to the default "changes_property" behavior.

This means that actions that don't set the behavior array in the hook_action_info() will now start checking update permissions where before they didn't check any permissions.

I have a fix for the 'Pass ids as arguments to a page' action which adds the ability to set which behavior(s) the action uses in the views vbo admin. This is because this action in particular could be used for any behavior depending which URL is set to pass the IDs to so you need to be able to set the correct behavior when setting the URL for the action.

For any other user created action that is now failing with the skipped permissions then I think that it just needs a correct behavior array added to the action info definition.

The patch basically modifies plugins/operation_types/action.class.php to check for the existence of a behavior key in the adminOprions['settings'] array to use instead of the default:

    // Assume edit by default unless set by admin settings
    if (empty($this->operationInfo['behavior'])) {
      if (isset($this->adminOptions['settings']['behavior'])) {
        $this->operationInfo['behavior'] = $this->adminOptions['settings']['behavior'];
      } else {
        $this->operationInfo['behavior'] = array('changes_property');
      }
    }

This enables any action to override the default if you can't set the behavior array in the action info.

The patch also adds the behavior settings to the 'Pass ids as arguments to a page' action (/actions/argument_selector.action.php) by adding a behavior form element to the admin form.

function views_bulk_operations_argument_selector_action_views_bulk_operations_form($options) {
  $form['url'] = array(
    '#title' => t('URL'),
    '#type' => 'textfield',
    '#description' => t('Enter a URL that the user will be sent to. A comma-separated list of selected ids will be appended.'),
    '#default_value' => isset($options['url']) ? $options['url'] : '',
    '#field_prefix' => url(NULL, array('absolute' => TRUE)) . (variable_get('clean_url', 0) ? '' : '?q='),
  );
  $form['behavior'] = array(
      '#title' => t('Behaviours'),
      '#type' => 'checkboxes',
      '#description' => t('Select the behaviours that this action performs for access checks.'),
      '#default_value' => isset($options['behavior']) ? $options['behavior'] : array('changes_property'),
      '#options' => array(
          'views_property' => 'Views',
          'changes_property' => 'Changes',
          'creates_property' => 'Creates',
          'deletes_property' => 'Deletes',
      ),
  );
  return $form;
}
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Altcom_Alan’s picture

Found an issue with the saved data when using checkboxes - I had used a multi select box at first and saved my view with it but then thought checkboxes would be nicer.

New patch uses multi select for the behavior form element.

Also added back the full stop in the comment in ViewsBulkOperationsAction::getAccessMask().

Shane Lu’s picture

It works. The pass ids permission issue is solved.
Thanks!

vikramy’s picture

Patch works great. Thank you aBrookland.

azinck’s picture

I've reopened #2254871: Default action behaviors in getAccessMask() which is where the problematic commit was introduced. I've proposed a couple of possible solutions there.

pmchristensen’s picture

Status: Active » Reviewed & tested by the community

Patch #1 works great and as you would expect. Doesn't make any sense that this action doesn't have any behavior assigned and therefore defaults to "change_property".

This patch should be accepted and apply to the project.

harora’s picture

Hi,
I used the patch but it didn't work for me.

I am still getting insufficient permission error for action pass id as an argument.

I passing node ids to a view for printing. I am using behaviour 'changes property'. I have tried with create and view as well but does not work.

Can anyone help me please.

Thank you

giorez’s picture

the patch doesn'y fix the issue

giorez’s picture

Status: Reviewed & tested by the community » Needs work
harora’s picture

I have fixed my issue.
In views, there is option to bypass access check and it solved.

May help someone.

Thanks

BD3’s picture

Patch from #1 did not fix the issue for me neither did #2254871: Default action behaviors in getAccessMask(). Just to test, reverting back to 7.x-3.2 did fix the issue.

giorez’s picture

any news on this issue?

damien_vancouver’s picture

FileSize
61.54 KB

Patch #1 worked great for me. For those having problems, did you edit your view after applying the patch? Follow the below steps:

  • edit your view
  • Find your Bulk Operations: field entry and click its title to bring up the edit dialog for the field
  • Scroll down and find the Operation Settings accordion. Expand that, then check the Benhaviours drop-down.
  • If Behaviours is defaulting to "Changes", you need to set that to "Views" instead... then hit "Apply"
  • "Save" the view, and finally test it again.. it will hopefully work for you.

(See my attached image of the drop-down that needs to be changed).

giorez’s picture

patch #1 didn't solve the issue, I even edited the views, but I'm still getting "Skipped XXXX due to insufficient permissions" when i'm trying to send SMS or email to users.

jarodms’s picture

patch #1 fixed the issue for me. I re-saved the view with the correct behavior and all is good. Thanks!

sylvaticus’s picture

patch in #1 also worked for me...

ayduns’s picture

A smaller workaround for this issue is to add

      'behavior' => array('empty'),

to actions/argument_selector.action.inc

function views_bulk_operations_argument_selector_action_info() {
  return array(
    'views_bulk_operations_argument_selector_action' => array(
      'label' => t('Pass ids as arguments to a page'),
      'type' => 'entity',
      'aggregate' => TRUE,
      'configurable' => FALSE,
      'hooks' => array(),
      'triggers' => array('any'),
      'behavior' => array('empty'),
    ),
  );
}

Probably not a good solution to the broader issue, but we're only passing ids to a URL.

troybthompson’s picture

Patch #1 solved my problems after changing Behaviours to Views. Thanks!

joelpittet’s picture

Status: Needs work » Closed (duplicate)

Please review the patches proposed in #2254871: Default action behaviors in getAccessMask(), which should solve this issue