Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This element could do with an explanation that it can't be changed on existing flags.
Comments
Comment #2
joachim CreditAttribution: joachim as a volunteer commentedComment #3
martin107 CreditAttribution: martin107 as a volunteer commentedThe patch looks good as it documents, the current form behaviour
but I note that programmatically Flag::setGlobal() is public on the interface, so I expect global can be toggled after Flag::create() is called.
The expected behaviour has some cache invalidation implications in relation to an upcoming change to
FlagCountManager::getUserFlagFlaggingCount()
#2832106: identify different anonymous users by storing session id on Flaggings
that we have been discussing.
Do you wish to make isGlobal() a locked down value - set during construction?
Comment #4
joachim CreditAttribution: joachim as a volunteer commented> but I note that programmatically Flag::setGlobal() is public on the interface, so I expect global can be toggled after Flag::create() is called.
The flag entity is actually created in EntityForm::getEntityFromRouteMatch(), which is called when the form is loaded. So the global property is set on it once it already exists. So locking global down might not be that simple.
At any rate, this issue is about the a UI, where the global property is already locked down.
Locking it down programmatically makes sense but not a priority -- file it so we don't forget it?
Comment #5
martin107 CreditAttribution: martin107 as a volunteer commentedThanks for supplying the wider perspective.
Comment #6
martin107 CreditAttribution: martin107 as a volunteer commentedI can't conceive of a use case that would ever need to toggle the global state, but I also don't see it as a loophole that MUST be closed.
I can only see broad security concerns that I am not worried about
along the lines of... Can a hacker gain advantage by toggling the state - which combined with other code changes subtly makes the site disclose anothers users session_id.
but if hackers can alter php code the there are much bigger security concerns.
Comment #7
joachim CreditAttribution: joachim as a volunteer commentedThanks for the review... but it occurs to me that we should also warn on the add flag form that this is a one-time setting. I'll do another patch.
> I can't conceive of a use case that would ever need to toggle the global state, but I also don't see it as a loophole that MUST be closed.
I someone changes that setting, their flagging data will stop making sense. Going from global to personal will be ok (assuming we now record a uid for global flags, which I think we do), but going from personal to global will be a mess.
Comment #8
martin107 CreditAttribution: martin107 as a volunteer commentedThanks for talking this through
So thinking about
#2832106: identify different anonymous users by storing session id on Flaggings
That mess is what I lightly called 'cache invalidation' issues in #3 with regard to getUserFlagFlaggingCount()
So my realization is that we either MUST lockdown or MUST invalidate.
As the session_id is always recorded for the anonymous case then toggling global would lead to a reinterpretation of entries in the database.
Again we are talking about our understanding of the module as we have or will code it .... we are far from a useful application of this toggle.-
Comment #9
joachim CreditAttribution: joachim as a volunteer commentedComment #10
martin107 CreditAttribution: martin107 as a volunteer commentedworks for me
Comment #11
joachim CreditAttribution: joachim as a volunteer commented> As the session_id is always recorded for the anonymous case then toggling global would lead to a reinterpretation of entries in the database.
Yup, toggling global breaks stuff. Like I say, I'm happy for us to add something to guard against that, but equally, if you do poking into the internals of flags like that, you invalidate your warranty :p
I mean, we can't protect the user against EVERYTHING -- hacking their DB tables by hand, putting large magnets next to their server, etc etc...
Comment #13
joachim CreditAttribution: joachim as a volunteer commentedThanks for the review. Committed.