Once we implement the proposal listed in #2453587: [policy, no patch] Changes to the project application review process, it will be possible for non-vetted users to promote one sandbox project to full project status without having obtained Git Vetted User status.

This issue proposes to update the access permissions to allow non Git vetted project owners to promote one sandbox to 'full project' status without first obtaining Git vetted status.

Remaining Tasks:

Update drupalorg_project module to allow non-vetted users to promote projects without git vetted user status.

Timing of this deployment should be carefully coordinated with other related issues ... TODO - figure out where this fits in relation to other items in the roadmap.

Members fund testing for the Drupal project. Drupal Association Learn more


jthorson created an issue. See original summary.

jthorson’s picture

Issue summary: View changes
drumm’s picture

drupalorg_project_form_project_promote_project_form_alter() is where I think this will live. If a non-vetted user has already promoted one project, disable enough of the form to make it un-submittable and add a message explaining why and their path forward to vetted status.

Do not check the vetted/not-vetted roles directly, check for a permission. A new permission is likely needed here.

Any new permission and granting create full project_(module|theme|etc) projects permission to the Git user role can be exported to the drupalorg_permissions Feature.

drumm’s picture

The name for the new permission should be something along the lines of "Create one full project"

Checking the user's existing projects can be done with an EntityFieldQuery.

mrf’s picture

Will need to modify project.module project_promote_project_access to allow a authorized git user with this new permission to access the promote tab on their profile.

drumm’s picture

The menu access callback can be overridden by drupalorg. As far as I know, the whole concept of sandbox & full projects is, so moving that toward drupalorg isn't a bad thing.

mrf’s picture

Since my best intentions ran away from me, posting an incomplete patch so anyone picking this up at least knows the parts of the code I was touching.

jthorson’s picture

Title: Allow non-git vetted users to promote up to one sandbox project to full project status » Allow non-git vetted users to promote sandbox projects to full project status
Issue summary: View changes

Discussion at DrupalCon Dublin:

With discussion of potential security policy changes at DrupalCon Dublin, it was agreed that this should be relaxed from "create one full project" to "create full projects".

Concerns were identified with namespace squatting and spam, and the agreement was to handle these manually on a 'as they happen' basis ... and if they become a big issue, will be addressed at that time.

drumm’s picture

Assigned: Unassigned » drumm

  • drumm committed 089abb6 on 7.x-3.x
    Issue #2666576: Allow non-git vetted users to promote sandbox projects...
drumm’s picture

Status: Active » Fixed
Issue tags: +needs deployment

This is ready for deployment.

drumm’s picture

This has been deployed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.