
Problem/Motivation
The permissions to view the latest revision tab currently use view latest revision
, and view any unpublished content
permissions.
It makes sense to have that check for view own unpublished content
too.
However, this is somewhat problematic because the node module defines view own unpublished content
, while content moderation defines view any unpublished content
.
Proposed resolution
Add the check for view own unpublished content
.
Remaining tasks
Figure out how to reconcile the node module defining that permission.
User interface changes
API changes
Data model changes
Comment | File | Size | Author |
---|---|---|---|
#16 | 2865498-latest-revision-tab-respect-permissions-16.patch | 704 bytes | tuwebo |
#9 | 2865498-09.patch | 9.71 KB | jhedstrom |
Comments
Comment #2
timmillwoodI guess this is related to #2838452: Permissions: View any unpublished content not working?
Comment #3
jhedstromI'm not sure how closely it's related to #2838452: Permissions: View any unpublished content not working aside from dealing with permissions...
Here is an initial patch.
Comment #4
jhedstromLast patch didn't check for the other permission 'view latest version' in conjunction with 'view own unpublished content'. I also added some code comments to the test cases.
Comment #5
timmillwoodLooks good to me @jhedstrom, thanks!
Comment #7
timmillwoodNeeded a re-roll.
Comment #8
alexpottGiven this is access related I think we should be more verbose. And easy to read. Perhaps something like:
Comment #9
jhedstromThis should address #9. Unfortunately, I couldn't use the exact logic there because of the way the
andIf()
andorIf()
methods actually work. These don't impact the object they are being called on, but rather return a new access result, so the logic here relies on that return value. Still easier to read than the first attempt.This approach also caught some issues with the test assumptions.
Comment #10
jhedstromI'd honestly prefer to return neutral here. Expressly forbidding something disallows other modules to grant access, whereas neutral is almost the same since something else needs to explicitly grant access.
Comment #11
timmillwoodLooks to resolve the concerns in #8.
Comment #12
alexpottCommitted de122da and pushed to 8.4.x. Thanks!
Committed c560ef9 and pushed to 8.3.x. Thanks!
Credited myself because my review had an affect on the final patch.
Backported to 8.3.x because this is for an experimental module.
Comment #16
tuwebo CreditAttribution: tuwebo at Metadrop commentedSorry about opening this one again.
It is just that we forgot update "view latest version" permission description in the content_moderation.permissions.yml file.
Patch added, it just modifies the description.
Comment #17
timmillwood@TuWebO please open a new issue for this.
Comment #18
tuwebo CreditAttribution: tuwebo at Metadrop commentedHi @timmillwood thanks for the fast response.
I've added new issue #2924055: Wrong description for "view latest version" permission.