Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This looks awesome, thanks for writing it! Would you be willing to have me add this directly to the Metatag module, in the interest of matching the functionality that already exists in D7?
Comment | File | Size | Author |
---|---|---|---|
#32 | metatag-n2782797-32.patch | 13.14 KB | DamienMcKenna |
| |||
#31 | metatag-n2782797-31.patch | 11.71 KB | DamienMcKenna |
| |||
#31 | metatag-n2782797-31.interdiff.txt | 7.71 KB | DamienMcKenna |
#30 | metatag-n2782797-30.patch | 11.19 KB | DamienMcKenna |
| |||
#28 | metatag-n2782797-28.patch | 8.35 KB | DamienMcKenna |
|
Comments
Comment #2
michaelpetri CreditAttribution: michaelpetri commentedIt would be a honor :) Let me know when it's released so i can remove this helper module from my current project.
Comment #3
DamienMcKennaAwesome, thank you!
I'm debating whether this should be a submodule or whether it should follow the D7 method of just having an advanced setting to enable / disable it..
We'll also need to add some tests.
Comment #4
michaelpetri CreditAttribution: michaelpetri commentedCan i write the tests? I have not yet written any tests for drupal modules, could be good exercise for me.
Comment #5
DamienMcKennaAbsolutely! The general idea for tests for this functionality would be to verify that each meta tag has its own permission, that it displays correctly on the permissions page, and works correctly (the fields are hidden/visible appropriately). Thanks!
Comment #6
DamienMcKennaI renamed the module to something more specific (Metatag File Grained Permissions) and turned it into a patch, this way we have something to build from.
Comment #7
DamienMcKennaBack to needing tests.
Comment #8
DamienMcKennaI barfed the patch. This should be better.
Comment #9
DamienMcKennaNeeds tests.
Comment #10
michaelpetri CreditAttribution: michaelpetri commentedHi,
sorry for my long absence. We had a big relaunch in our company and there wasn't much free time for coding... :/
Anyway! I want to write this test asap. How to get startet?
Is this a good resource https://docs.acquia.com/article/lesson-102-unit-testing
Any additions?
Regards
Michael
Comment #11
michaelpetri CreditAttribution: michaelpetri commentedAfter a bit of research i'd write the test based on the WebTestBase Class.
I'd implement the following test scenarios:
=> Expecting MetaTag Options available.
=> Expecting no MetaTag Options available.
In my setUp method i would:
So far my plan, any additions?
Best regards
Michael
Comment #12
DamienMcKennaHey there, thanks for continuing to work on this.
Working off the node form should be enough, just add 'node' to the $modules list and create the content type during setUp().
I would suggest adding one test method that grants some permissions and then confirms which ones are enabled / disabled. You could then add another test method that gave the user the permission to create content but none of the meta tag permissions, just to see what happens for them. For bonus points X-) maybe add a test method to see if the global configuration is affected - ideally it shouldn't be, so maybe metatag_fine_grained_perms_field_widget_form_alter should be adjusted to also check the 'administer meta tags' permission?
Thanks!
Comment #13
michaelpetri CreditAttribution: michaelpetri commentedThanks for your feedback i will start working on this after work. I will share my results asap.
Comment #14
DamienMcKennaBumping this 'til after 1.0.
Comment #15
DamienMcKenna8.x-1.0 is out, so this is fair game again.
Comment #16
Rolf van de Krol CreditAttribution: Rolf van de Krol commentedI found a few bugs in the code in the patch, so I fixed those. Attached is the new patch
Comment #17
DamienMcKenna@Rolf: Excellent! I'll try to work on some tests for this soon, given the implications of this functionality I don't want to commit it without having some test coverage.
Comment #18
mvwensen CreditAttribution: mvwensen commentedCurrent patch works great for me!
Comment #19
leonardpg CreditAttribution: leonardpg commentedHas there been any movement to finish testing and roll this feature into the module? We're migrating to D8, and I would really like to limit the metatag fileds available to non-admins. Thanks!
Comment #20
TwiiK CreditAttribution: TwiiK commentedPatch in #16 works great and does what I expected coming from Drupal 7. Without the ability to filter the available meta tags for clients I feel it's just too much noise to be usable. This sub module does what I need.
Not to mention that the original "administer meta tags" permission doesn't even distinguish between access to the meta tags settings form or just the ability to change meta tags on nodes.
Comment #21
Alex G CreditAttribution: Alex G as a volunteer commentedNot sure where this is in regards to getting tests run against it but patch definitely still works.
Would be good to get this committed after testing as it's a commonly needed feature for the module.
Not sure if DamienMcKenna will be able to assist with that?
Comment #22
DamienMcKennaInitial test to make sure the site doesn't blow up after enabling the module.
Comment #24
neclimdulNeed to actually take a look at this but just got to say
<3
Comment #25
DamienMcKennaI renamed the module "metatag_extended_perms" and renamed the base permission "access metatag" instead of "access metatag tag" to make it slightly less verbose, and I improved the documentation slightly.
Comment #26
Dave ReidAnother solution for filtering the list of visible meta tags: #3108108: Allow which metatags are visible on the field widget to be editable
Comment #27
mxr576Because #25 introduces a new submodule I like this more than #3108108 which currenctly changes definition of existing services that is going to break deploys on dowstream projects. Although, I must admin the test in #25 is useless :)
Comment #28
DamienMcKennaRerolled, and added D9 compatibility.
Comment #29
DamienMcKennaI'll work on some improved test coverage for this.
Comment #30
DamienMcKennaI renamed and repurposed the test file to check for each of the main module's meta tags.
Comment #31
DamienMcKennaThis adds a check to make sure that user 1 can see all of the meta tags, even if the permissions don't allow it, and makes sure that a person with limited access can only see certain fields.
In short, this should be pretty perfect now.
Comment #32
DamienMcKennaOh, evidently some things were missed in the last patch, sorry about that.
Comment #34
DamienMcKennaCommitted. Thank you all, especially michaelpetri.
Comment #35
DamienMcKennaComment #36
DakwamineHello! I have just stumbled upon this issue. I am looking for a solution for this use case: as a content editor, I want to see only meta tag fields which I have rights to edit them. By any chance, does this new module responds to this use case?
Comment #37
DamienMcKenna@Dakwamine: Yes, it does.
Comment #38
DakwamineThank you very much! I am feeling lucky today. :) Good job, everyone! 👏
Comment #39
BerdirA bit late to the party, this is interesting, but the amount of of permissions this is going to add is going to be a deal-breaker for a lot of sites, including ours. Especially if you add modules like schema_metatag to the mix.
Couldn't this be opt-in like field_permissions has been for a while, where you can enable permissions per group or even tag and possibly also have it share the same permissions. It's quite a bit more complicated, but I think the majority of sites aren't going to need 100 permissions that they can each uniquely assign, they're going to have 1-3 sets/levels of metatags that they want to make accessible for their different user roles.
It also only partially addresses the performance aspect of this, as the hidden form elements still need to be processed by the form builder.
Some approaches I've seen introduce the concept of filtering definitions, then not having permission from them could already skip them from being instantiated and preparing the form. Of course yet another complication is that there might be values that need to be persisted even if the current user doesn't have access.
What we did in our project is to have a list of "restricted metatags" and all those are then behind a single permission check.
I'm fully aware that I'm late with that comment, now that it has been committed like this.
Comment #40
DamienMcKennaI'm open to ideas for making this easier to handle, please feel free to open new issues and we can discuss them. And thank you, I appreciate the concern over not wanting to make things even harder for site admins.
Comment #42
Dakwamine@Berdir In a nutshell, did you assign tags to a (dynamic/static?) permission (working on field level permissions?), and then, assign this permission to a role?
I have a little site with relatively few enabled options, so it did not occurred to me that this could become a hassle to administer... Good catch!
Comment #43
BerdirWe have one setting that's a list of restricted/hidden metatags and then a form alter that hides them, similar to what this module added.
Looks like this:
```
'foo_module.settings:restricted_metatags':
- basic.abstract
- advanced.geo_placename
- advanced.geo_position
- advanced.geo_region
- advanced.icbm
- advanced.robots.index
- advanced.robots.follow
- advanced.robots.noarchive
... (pretty long list)
```
Not sure what the best middleground between the this (which might not be flexible enough for some sites) and the permission-per-element would be. One thing to note is that our form alter can even go deeper than the plugin level, in the example above you can see that we're hiding all but two options of the robots checkboxes.