Follow-up to #2600382: Come up with a simple access/permission system for Workspaces

Now that Workspaces have access control on themselves, can we leverage Workspaces to enhance access to entities within a workspace? Probably. :-)

From the previous issue, we want two* permissions:

bypass content access control in own workspace - Similar to the "bypass content access control" but specific to only the user's own workspaces. This will allow users to edit any content in own workspace. If the user does not have this permission, then regular content entity access rules would apply. That means a user could have wider permissions within a given workspace than they would otherwise.

bypass content access control in $id workspace - Same thing, but specific to a named workspace rather than a workspace the user own.

CommentFileSizeAuthor
#9 interdiff-2693867.txt5.52 KBCrell
#9 2693867-workspace-bypass.patch20.54 KBCrell
#7 interdiff.txt3.56 KBtimmillwood
#6 allow_users_to_bypass-2693867-6.patch17.54 KBtimmillwood
#3 2693867-workspace-bypass.patch16.43 KBCrell
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Crell created an issue. See original summary.

Crell’s picture

Crell CreditAttribution: Crell at Palantir.net for Acquia commented
Title: Come up with a simple access/permission system for Workspaces » Allow users to bypass node access controls in selected workspaces
Crell’s picture

Crell CreditAttribution: Crell at Palantir.net for Acquia commented
Status: Active » Needs review
FileSize
2693867-workspace-bypass.patch16.43 KB

Here's a kind of working patch. The code seems like it should be right, however, the test is still failing with a 404 on the second edit attempt. I'd expect a 200, or maybe a 403 if my code was wrong, but a 404 I do not understand.

timmillwood’s picture

timmillwood
Primary language English
Location 🏴󠁧󠁢󠁷󠁬󠁳󠁿 Wales, UK
CreditAttribution: timmillwood at Appnovation for Pfizer, Inc. commented

Awesome work! Apart from the failing test it looks good to me.

I'm wondering about the wording of the permissions, all across the D8 UI "content" seems to mean "node", and we're on about bypassing more than just nodes, but using the word entit(y/ies) might bring more confusion to an end user.

Maybe Bypass content entities access in own workspace would work?

Crell’s picture

Crell CreditAttribution: Crell at Palantir.net for Acquia commented

Sure, I've changed the name to "content entity access" in the branch. No new patch yet until we get the tests sorted out. I could use help on that. :-(

timmillwood’s picture

timmillwood
Primary language English
Location 🏴󠁧󠁢󠁷󠁬󠁳󠁿 Wales, UK
CreditAttribution: timmillwood at Appnovation for Pfizer, Inc. commented
FileSize
allow_users_to_bypass-2693867-6.patch17.54 KB

@crell - you forgot hook_entity_create_access(), please review and commit if you're happy.

timmillwood’s picture

timmillwood
Primary language English
Location 🏴󠁧󠁢󠁷󠁬󠁳󠁿 Wales, UK
CreditAttribution: timmillwood at Appnovation for Pfizer, Inc. commented
FileSize
interdiff.txt3.56 KB

Adding interdiff

  • Crell committed 44ca162 on 8.x-1.x 
    Issue #2693867 by timmillwood, Crell: Allow users to bypass node access...
Crell’s picture

Crell CreditAttribution: Crell at Palantir.net for Acquia commented
Status: Needs review » Fixed
FileSize
2693867-workspace-bypass.patch20.54 KB
interdiff-2693867.txt5.52 KB

D'Oh! Thanks Tim. There were some issues merging Tim's branch and mine, but I've sorted those out. I also then added some additional tests, including negative tests, and everything seems to work correctly.

Attached patch is the final change, and the interdiff is my test additions. All tests pass for me locally so I have merged the resulting branch.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

The last submitted patch, 3: 2693867-workspace-bypass.patch, failed testing.

The last submitted patch, 3: 2693867-workspace-bypass.patch, failed testing.

The last submitted patch, 6: allow_users_to_bypass-2693867-6.patch, failed testing.

The last submitted patch, 6: allow_users_to_bypass-2693867-6.patch, failed testing.

The last submitted patch, 3: 2693867-workspace-bypass.patch, failed testing.

The last submitted patch, 6: allow_users_to_bypass-2693867-6.patch, failed testing.