Problem/Motivation

Administering configuration vs. unblocking users are two different things that may want to be done by different roles. Could the permissions please be split?

"Moderators" for example could be allowed to unblock users but not change the configuration.

CommentFileSizeAuthor
#34 Capture d’écran 2023-04-19 170552.jpg178.79 KBeverhee
#25 interdiff_23-25.txt271 bytesarantxio
#25 add-seperate-permissions-3226763-25.patch11.68 KBarantxio
#23 add-seperate-permissions-3226763-23.patch11.7 KBarantxio

Issue fork flood_control-3226763

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Anybody created an issue. See original summary.

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Status: Active » Needs work

Sounds good. Can you provide a patch?

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Yes, I'll create a MR as soon as I can but currently I'm very busy so first I wanted to write down the idea and benefits so if someone else needs it earlier, please help out!

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented

No worries. Maybe I do it when I'm ready reviewing the issues. Thanks in advance!

Anybody opened merge request !15

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Still requires an update hook to update permissions! Saw a snippet for that some days ago, but couldn't find it yet.

grevil’s picture

grevil commented
Version: 2.0.x-dev » 2.2.x-dev
grevil’s picture

grevil commented

@batigolix little sidenote, please specify the 2.2.x branch as the repositories default branch, so people working on the module do not get confused AND automatic issue branch creation won't use 2.0.x as their base repo, thanks!

grevil’s picture

grevil commented

Rebased the fork on 2.2.x maybe we can redirect the MR to 2.2.x instead of 2.0.x?

Anybody closed merge request !15

Anybody reopened merge request !15

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

@Grevil: MR is ready, I made to change the target branch xD

grevil’s picture

grevil commented

@batigolix Also note, that #3270116: Better to hide "Flood Control settings page" link from top markup if the user doesn't has a permission introduced a new "access flood control settings page" which is nowhere used in 2.2.x. I don't really know if we should remove this permission here and keep @Anybody's permission changes to the "flood_control.settings" page, or if we should use the "access flood control settings page" instead.

I think we just keep Anybody's change and remove the permission again, as it has no use. If you are against this change, feel free to revert it! :)

EDIT: The permission is actually used, but not for the admin page! Quite confusing to say the least, so I will replace the occurrence with "administer flood unblock".

grevil’s picture

grevil commented
Status: Needs work » Needs review

All right, all done and fixed!

I additionally tested the update process, to see if the update hook works as expected, and it does! Please review! :)

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Status: Needs review » Needs work

Great work @Grevil! LGTM and the next points are just for perfection:

1. Should we perhaps prefix unblock ips permission with flood? => flood unblock ips to make the context totally clear?

2. You used access flood unblock instead of access flood control settings page for the update hook. Is there a good reason? I'm not sure which one fits better, but might be the other one? (unsure).

3. Finally would be great to have some tests for the permissions to work correctly.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

BTW this cleanup is really nice, as some permissions seem to have been added by the merge of https://www.drupal.org/project/flood_unblock - that was before creating this issue.

Cleaning things up by the update hook is a good thing now. So RE #15.2 perhaps it makes sense to map the permissions separately?

grevil’s picture

grevil commented

Tests need further work, I'll resume my work here tomorrow.

grevil’s picture

grevil commented

@batigolix, further note: Enabling automated testing for issue branches would be also a nice addition! :)

grevil’s picture

grevil commented
Status: Needs work » Needs review

All finished! Tests are all green locally!

@batigolix I hope you don't mind, that I tinkered quite a lot with your tests! :)

Please review.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Status: Needs review » Reviewed & tested by the community

Wónderful work, @Grevil! :)

RTBC!

@batigolix would you mind enabling tests for issues then perhaps?

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Issue tags: +Needs manual testing

PS: And as this is changing the permissions, please also test manually before merging this.

grevil’s picture

grevil commented
Issue tags: -Needs manual testing

Already tested the update hook manually, and normal access is secured by the tests.

arantxio’s picture

arantxio
Primary language Dutch
Location Dordrecht
commented
StatusFileSize
new add-seperate-permissions-3226763-23.patch11.7 KB

I had issues patching this MR to the new 2.2.4 branch so i've made a patch on the latest available branch.

fabianderijk’s picture

fabianderijk
him/his
Primary language Dutch
Location Alphen aan den Rijn
commented
Status: Reviewed & tested by the community » Needs work

Both the MR as the patch won't apply to the new 2.3.x branch. Could you please check?

arantxio’s picture

arantxio
Primary language Dutch
Location Dordrecht
commented
StatusFileSize
new add-seperate-permissions-3226763-25.patch11.68 KB
new interdiff_23-25.txt271 bytes

Created a new patch, it hasn't changed that much, but just enough for it to fail to apply apparently.

arantxio’s picture

arantxio
Primary language Dutch
Location Dordrecht
commented
Status: Needs work » Needs review
batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Status: Needs review » Reviewed & tested by the community

Patch applies well to 2.3.x

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Thank you all! So @batigolix are you planning to merge this soon?

fabianderijk’s picture

fabianderijk
him/his
Primary language Dutch
Location Alphen aan den Rijn
commented
Assigned: Unassigned » fabianderijk

fabianderijk’s picture

fabianderijk
him/his
Primary language Dutch
Location Alphen aan den Rijn
commented
Status: Reviewed & tested by the community » Fixed

This is fixed in the dev version, will create a new release version today.

grevil’s picture

grevil commented

Awesome! Thank you @fabianderijk!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

everhee’s picture

everhee commented
StatusFileSize
new Capture d’écran 2023-04-19 170552.jpg178.79 KB

Hello, Some olders permissions appears in drupal 10 upgrade status with an alert :
- access flood control settings page
- access flood unblock

To remove those alerts, I add to revoke them in flood_control.install by adding :

function flood_control_update_9202() {
  $roles = user_role_names(FALSE, 'access flood control settings page');
  foreach ($roles as $roleKey => $roleName) {
    user_role_revoke_permissions($roleKey, [
      'access flood control settings page',
    ]);
  }

}

function flood_control_update_9203() {
  $roles = user_role_names(FALSE, 'access flood unblock');
  foreach ($roles as $roleKey => $roleName) {
    user_role_revoke_permissions($roleKey, [
      'access flood unblock',
    ]);
  }

}

Do you think, it could block Drupal 10 upgrade ?

dieterholvoet’s picture

dieterholvoet commented

@everhee I just encountered the same problem, opened a new issue: #3361842: Revoke old permissions from roles.