Starting with Drupal 9.3.0, all permissions in a user role must be defined in a module.permissions.yml file or a permissions callback. Other permissions are now considered invalid. This includes permissions from uninstalled modules, permissions that depend on configuration that has been removed (such as a content type), and permissions of obscure origin.
In Drupal 9.3.0 or later, saving a role with an invalid permission will trigger a E_USER_DEPRECATED
error. In Drupal 10, it will throw a runtime exception.
Since Drupal 8.0, modules are supposed to remove their data from the database when they are uninstalled. See Modules cannot be in a disabled state anymore, only installed and uninstalled. One exception has been that uninstalled modules did not remove the permissions they defined from user roles. Before Drupal 9.3.0, a site administrator could uninstall a module, then install it again, and the permissions previously assigned to user roles would be in effect. Starting with Drupal 9.3.0, the administrator must configure permissions again when re-installing the module.
An update function is provided to remove invalid permissions from existing roles. The update function logs the permissions removed from each role.
Comments
Hoe to solve?
How do you solve this if a module did not prove an uninstall hook and you are left with an improper setting?
I can't update my website to
I can't update my website to Drupa 10 because PWA creates problems. Forever it is uninstalled. Did you find a solution ?
https://www.drupal.org/files/issues/2023-01-19/Screenshot%202023-01-19%2...
Use a tool like drush to
Use a tool like drush to export your configuration
drush config:export
. Open the offending role files eguser.role.authenticated.yml
and delete the line for the orphaned permission.Then reimport your configuration
drush config:import
I did as suggested here and
I did as suggested here and keep getting this:
I did finally get this fixed.
I did finally get this fixed. If anyone wants to know, After doing the export, I used good old WinSCP to manually edit the files and save them. I then ran:
drush config:import --source=sites/default/files/config_NTZUomU3zGDBwj5U2AD68HPO-24WB2ZHy77qNC6TJCjWKU7CEzn7oasjPwE2vnUMjeQlHzkIkw/sync
and that fixed it. I don't know why at_core.settings was there because I think that was left over from an old theme.
In case you have multiple
In case you have multiple permissions to fix, you could just use the following PHP script along with
drush scr
to quickly remove them from your configuration:Hello @vensires,
Hello @vensires,
Thanks for this answer, where to put the clean_permissions.php script? at the root of the project ?
Wherever you like as long as
Wherever you like as long as your drush has access to it. I usually have a
scripts
orscripts_dev
folder and store this kind of scripts in there. So, in my case - from the root of the project - I execute./vendor/bin/drush scr scripts/clean_permissions.php
.Thanks man!
Thanks man!
Worked Perfectly!
Thank You @vensires!! That made it easy!
Hello @vensires,
Hello @vensires,
It work for me, thks you
Permissions cleanup
Thanks @vensires! I figured this would be possible (to clean these permissions up programmatically) but this saved me a bunch of time. I used the concept and build a drush command out of it. I'd considered creating a module out of this as a dev utility, not sure what the uptake would be though.
E.g. adding a confirmation step in case a permission is tied to a module that someone forgot to install:
I used DI instead of the static calls if anyone is wondering, e.g.
Obviously if you have a lot of permissions, confirming each one gets annoying though. There's probably a way to add a (allow for all) command?
Thank you!!!
@vensires Just wanted to chime in with everyone else and say thanks for this. You saved me a lot of work!
This work really well. Good
@vensires This work really well. Good job. it should be a module :) Thx you
Works
This saved me a lot! Thank you sir!
Also good as a Update hook
Taking this and throwing it into an update hook on a custom module works great too. just remember to use `drush cex` after, just like any normal workflow.
Thanks
Thanks
Thanks. That worked as
Thanks. That worked as advertised.
Thanks
@vensires thanks a lot for sharing your knowledge! It works perfect :)
//trying to answer one question for each one that i make.
//this way, drupal will be more friendly and strong
WORKS! THANK U VERY MUCH
Vensires nailed it!!! thanks, was able to use your script and thanks for the @code/@endcode explanation
... I was preparing to upgrade a legacy site that had bad permissions that was orig drupal 6, 7, and 9.5.11 to 10.2 ... this script helped me get past the permissions concerns of upgrade_status. :)
@vensires - Thanks it worked
@vensires - Thanks it worked for me on Drupal 10.2.3
This worked for me too
This worked for me too
It works! Thank you!
It works! Thank you!
Thank you @vensires!
Thank you @vensires!
your script is working great!
Hmm..
So the PHP script does not seem to work for me... Any ideas?
Thanks,
Eric
__________
Eric Aitala - ema13@psu.edu
Penn State
224b8605113373e086cb27708ff301ba18ce394db1996e7e22928e4555e0d20b1b6cecc7f67c9bd9e536cb915779c485
Please provide more
Please provide more information on which is the error you are facing.
No errors, it just did not
No errors, it just did not seem to do anything. I ended up exporting config, editing the files by hand, try to re-import those, fix other weird config issues (some involving themes from the D6 era), re-importing again, etc....
E
__________
Eric Aitala - ema13@psu.edu
Penn State
224b8605113373e086cb27708ff301ba18ce394db1996e7e22928e4555e0d20b1b6cecc7f67c9bd9e536cb915779c485
It worked on my end
You must've forgotten to add the <?php tag? I added the php tag and it worked.
I have docker image on server
I have docker image on server, not able to run the script with composer install.
Script proposed by @vensires
Script proposed by @vensires worked fine for me.
Thanks.
Hi, script is not working for
Hi, script is not working for me. In upgrade status module I am still getting same error.
When I am running script it does show any error.
This can be done also from the Drupal UI
I had only 3 orphaned roles which upgrade status warned. I was able to quickly
remove them with the Drupal UI configuration management.
errors gone from upgrade status, making backups of the site can be handy
thanks!
nice way to handle the role junk without scripting!
Great tip
Finally a solution on so many D10 problems
1 down a lot more to go :(
Thanks a lot
Thank you - I ran the script and permissions are fixed !
Thank you so much. Fixed my permissions.