Since updating from 7x-3.2 to 7x-3.3 I'm getting "Skipped XXXX due to insufficient permissions." for vbo actions using the 'Pass ids as arguments to a page' action. I made a comment on another issue which is probably due to the same change)
Having looked at the changes between 3.2 and 3.3 I've found it's caused by a change to the code in ViewsBulkOperationsAction::getAccessMask() in plugins/operation_types/action.class.php.
In 3.2 it was:
// Assume edit by default.
if (!isset($this->operationInfo['behavior'])) {
$this->operationInfo['behavior'] = array('changes_property');
}
And in 3.3 it changed to:
// Assume edit by default.
if (empty($this->operationInfo['behavior'])) {
$this->operationInfo['behavior'] = array('changes_property');
}
So where before if an action had an empty array set for 'behavior' it now sets it to the default "changes_property" behavior.
This means that actions that don't set the behavior array in the hook_action_info() will now start checking update permissions where before they didn't check any permissions.
I have a fix for the 'Pass ids as arguments to a page' action which adds the ability to set which behavior(s) the action uses in the views vbo admin. This is because this action in particular could be used for any behavior depending which URL is set to pass the IDs to so you need to be able to set the correct behavior when setting the URL for the action.
For any other user created action that is now failing with the skipped permissions then I think that it just needs a correct behavior array added to the action info definition.
The patch basically modifies plugins/operation_types/action.class.php to check for the existence of a behavior key in the adminOprions['settings'] array to use instead of the default:
// Assume edit by default unless set by admin settings
if (empty($this->operationInfo['behavior'])) {
if (isset($this->adminOptions['settings']['behavior'])) {
$this->operationInfo['behavior'] = $this->adminOptions['settings']['behavior'];
} else {
$this->operationInfo['behavior'] = array('changes_property');
}
}
This enables any action to override the default if you can't set the behavior array in the action info.
The patch also adds the behavior settings to the 'Pass ids as arguments to a page' action (/actions/argument_selector.action.php) by adding a behavior form element to the admin form.
function views_bulk_operations_argument_selector_action_views_bulk_operations_form($options) {
$form['url'] = array(
'#title' => t('URL'),
'#type' => 'textfield',
'#description' => t('Enter a URL that the user will be sent to. A comma-separated list of selected ids will be appended.'),
'#default_value' => isset($options['url']) ? $options['url'] : '',
'#field_prefix' => url(NULL, array('absolute' => TRUE)) . (variable_get('clean_url', 0) ? '' : '?q='),
);
$form['behavior'] = array(
'#title' => t('Behaviours'),
'#type' => 'checkboxes',
'#description' => t('Select the behaviours that this action performs for access checks.'),
'#default_value' => isset($options['behavior']) ? $options['behavior'] : array('changes_property'),
'#options' => array(
'views_property' => 'Views',
'changes_property' => 'Changes',
'creates_property' => 'Creates',
'deletes_property' => 'Deletes',
),
);
return $form;
}
Comment | File | Size | Author |
---|---|---|---|
#12 | vbo.png | 61.54 KB | damien_vancouver |
#1 | vbo_set_behaviors_in_admin_use_multi_select.patch | 1.73 KB | Altcom_Alan |
Comments
Comment #1
Altcom_Alan CreditAttribution: Altcom_Alan commentedFound an issue with the saved data when using checkboxes - I had used a multi select box at first and saved my view with it but then thought checkboxes would be nicer.
New patch uses multi select for the behavior form element.
Also added back the full stop in the comment in ViewsBulkOperationsAction::getAccessMask().
Comment #2
Shane Lu CreditAttribution: Shane Lu commentedIt works. The pass ids permission issue is solved.
Thanks!
Comment #3
vikramy CreditAttribution: vikramy as a volunteer commentedPatch works great. Thank you aBrookland.
Comment #4
azinck CreditAttribution: azinck commentedI've reopened #2254871: Default action behaviors in getAccessMask() which is where the problematic commit was introduced. I've proposed a couple of possible solutions there.
Comment #5
pmchristensen CreditAttribution: pmchristensen commentedPatch #1 works great and as you would expect. Doesn't make any sense that this action doesn't have any behavior assigned and therefore defaults to "change_property".
This patch should be accepted and apply to the project.
Comment #6
harora CreditAttribution: harora commentedHi,
I used the patch but it didn't work for me.
I am still getting insufficient permission error for action pass id as an argument.
I passing node ids to a view for printing. I am using behaviour 'changes property'. I have tried with create and view as well but does not work.
Can anyone help me please.
Thank you
Comment #7
giorez CreditAttribution: giorez commentedthe patch doesn'y fix the issue
Comment #8
giorez CreditAttribution: giorez commentedComment #9
harora CreditAttribution: harora commentedI have fixed my issue.
In views, there is option to bypass access check and it solved.
May help someone.
Thanks
Comment #10
BD3 CreditAttribution: BD3 commentedPatch from #1 did not fix the issue for me neither did #2254871: Default action behaviors in getAccessMask(). Just to test, reverting back to 7.x-3.2 did fix the issue.
Comment #11
giorez CreditAttribution: giorez commentedany news on this issue?
Comment #12
damien_vancouver CreditAttribution: damien_vancouver as a volunteer commentedPatch #1 worked great for me. For those having problems, did you edit your view after applying the patch? Follow the below steps:
(See my attached image of the drop-down that needs to be changed).
Comment #13
giorez CreditAttribution: giorez commentedpatch #1 didn't solve the issue, I even edited the views, but I'm still getting "Skipped XXXX due to insufficient permissions" when i'm trying to send SMS or email to users.
Comment #14
jarodms CreditAttribution: jarodms commentedpatch #1 fixed the issue for me. I re-saved the view with the correct behavior and all is good. Thanks!
Comment #15
sylvaticus CreditAttribution: sylvaticus commentedpatch in #1 also worked for me...
Comment #16
ayduns CreditAttribution: ayduns commentedA smaller workaround for this issue is to add
to actions/argument_selector.action.inc
Probably not a good solution to the broader issue, but we're only passing ids to a URL.
Comment #17
troybthompson CreditAttribution: troybthompson commentedPatch #1 solved my problems after changing Behaviours to Views. Thanks!
Comment #18
joelpittetPlease review the patches proposed in #2254871: Default action behaviors in getAccessMask(), which should solve this issue