Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
We noticed currently that Drupal user 1 is not allowed to bypass hide_submit functionality.
Please find attached the patch.
Comment | File | Size | Author |
---|---|---|---|
#10 | hide_submit-super_upser_bypass-hide_submit-10-7.x.patch | 556 bytes | CRZDEV |
#9 | user_options.png | 46.21 KB | perennial.sky |
#9 | saved_user_options.png | 42.28 KB | perennial.sky |
Comments
Comment #2
sorinb CreditAttribution: sorinb as a volunteer commentedComment #3
sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commentedHello @sorinb,
Looks like it's a bug. In current situation user with uid = 1 have no possibility to use Hide submit`s functional.
But this patch is not a good idea. As user_access function will return TRUE to all arguments passed when we try to invoke it when we logged in under user with uid=1.
Looks like it should be done via separate setting in admin form. Something like that: "Disable Hide Submit`s functional for the super-admin account". (And the condition will have a second part related to checking variable value).
Comment #4
sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commentedComment #5
sonamsingh CreditAttribution: sonamsingh at Innoraft commentedHey Sumthief,
I do agree that the configuration for this must be added in the admin settings page but then it won't make much sense if the permission for this hide submit functionality is coming from two places: permissions page (using bypass hide submit) and from admin settings page for users with administrator role. So, I suggest a consolidation of these settings will be better. So, here's a patch which considers all these cases.
Comment #6
sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commentedHello @sonamsingh,
I agree that your variant looks better.
I've reviewed your patch and at first look it seems good. The only thing which is a bit strange for me:
It's not obvious for me why we need to filter roles came from variable.
Comment #7
perennial.sky CreditAttribution: perennial.sky at Innoraft commentedHi Sumthief,
I think it is required to use array_filter while getting data from variable as I saw the configuration form, Whenever user saves the form, hide_submit_for_roles variable will have data in the following format
In Above array, hide submit is applicable for rid 4 and 7 so to remove 0 from array she uses array_filter.
Comment #8
sumthief CreditAttribution: sumthief as a volunteer and at DrupalJedi commentedHello @akashjain132,
How it's possible? Attached patch provides user_roles function as source for options in configuration form. It means that role identifiers (rids) will be stored in provided variable.
Reserved constants for base Drupal roles are DRUPAL_ANONYMOUS_RID (1) and DRUPAL_AUTHENTICATED_RID (2).
As I know it's impossible to have rid equal to 0.
So for me it looks like unnecessary function invocation. But maybe I am wrong.
Comment #9
perennial.sky CreditAttribution: perennial.sky at Innoraft commentedHi Sumthief,
It seems some misunderstanding, I was saying that options are creating by user_roles() function which give a below array
but when user save the form, variable saves array in below format
it means user checked only options 3 and 6 so to get only checked rid by a user we need to filter array to remove 0s and that why she is using array_filter.
Above is my understanding Please let me know if I am wrong.
Comment #10
CRZDEV CreditAttribution: CRZDEV at Metadrop commentedHere goes a simpler patch and it does not require to use additional config, just uses the existing "bypass hide submit" access (it already can be granted to roles by default into "/admin/people/permissions").
Also this won't require any manual configuration (after updating sites) to configure permission to each role but in module config variable (as previous patch requires, it won't preserve any previous configuration, there was no update added to map current access solution to variable).
Comment #11
CRZDEV CreditAttribution: CRZDEV at Metadrop commentedJust adjusting title.
Comment #12
omarlopesinoPatch #10 works fine. Marking as RTBC.