Problem/Motivation
If you don't give the "Member" rôle the "View individual group members" permissions, an user joining a group directly get an access denied because they can't see their own membership. Having the "Edit own membership" permission doesn't help.
Currently own operation group content access is checked incorrectly. To be consistent with default group content access handler.
We can handle it in the single point in preSave method.
Proposed resolution
Always allow an user to view its own membership.
Remaining tasks
Patch, Review, Commit
User interface changes
No more access denied after joining a group.
API changes
None.
Data model changes
None.
Comment | File | Size | Author |
---|---|---|---|
#2 | group-see-own-membership-2774729-2.patch | 800 bytes | DuaelFr |
Issue fork group-2774729
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
DuaelFrComment #3
kristiaanvandeneyndeHmm, I'll look into this.
They shouldn't need view access in order to be able to edit their membership. Theoretically, they could get to the edit page if we were to provide a "Group operation" (the block with actions) that says "Edit membership info".
Perhaps we could split this up into "view any" and "view own", although I don't see the use case for that.
Comment #4
LOBsTerr CreditAttribution: LOBsTerr at European Commission and European Union Institutions, Agencies and Bodies commentedComment #6
LOBsTerr CreditAttribution: LOBsTerr at European Commission and European Union Institutions, Agencies and Bodies commentedAs we discussed, I set owner group content entity (user)
I think we also missing a permission to view any group membership. It was also added.
if everything is fins with this approach, I can introduce it also for 2.0 and 3.0 versions