Problem/Motivation

If you don't give the "Member" rôle the "View individual group members" permissions, an user joining a group directly get an access denied because they can't see their own membership. Having the "Edit own membership" permission doesn't help.

Currently own operation group content access is checked incorrectly. To be consistent with default group content access handler.
We can handle it in the single point in preSave method.

Proposed resolution

Always allow an user to view its own membership.

Remaining tasks

Patch, Review, Commit

User interface changes

No more access denied after joining a group.

API changes

None.

Data model changes

None.

CommentFileSizeAuthor
#2 group-see-own-membership-2774729-2.patch800 bytesDuaelFr

Issue fork group-2774729

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

DuaelFr created an issue. See original summary.

DuaelFr’s picture

DuaelFr
he/him
Primary language French
Location Montpellier, France
CreditAttribution: DuaelFr as a volunteer and at Happyculture commented
Status: Active » Needs review
FileSize
group-see-own-membership-2774729-2.patch800 bytes
kristiaanvandeneynde’s picture

kristiaanvandeneynde
Primary language Dutch
Location Antwerp, Belgium
CreditAttribution: kristiaanvandeneynde at Deeson commented

Hmm, I'll look into this.

They shouldn't need view access in order to be able to edit their membership. Theoretically, they could get to the edit page if we were to provide a "Group operation" (the block with actions) that says "Edit membership info".

Perhaps we could split this up into "view any" and "view own", although I don't see the use case for that.

LOBsTerr’s picture

LOBsTerr CreditAttribution: LOBsTerr at European Commission and European Union Institutions, Agencies and Bodies commented
Title: Group members cannot see their own membership with only "Edit own membership" permission » Owner ID of Group membership should be set from User entity
Component: Group (group) » Code
Assigned: Unassigned » LOBsTerr
Issue summary: View changes

LOBsTerr opened merge request !61

LOBsTerr’s picture

LOBsTerr CreditAttribution: LOBsTerr at European Commission and European Union Institutions, Agencies and Bodies commented
Assigned: LOBsTerr » Unassigned

As we discussed, I set owner group content entity (user)
I think we also missing a permission to view any group membership. It was also added.

if everything is fins with this approach, I can introduce it also for 2.0 and 3.0 versions