Problem/Motivation

When you create an access token for a draft, that token is still accessible if the page revision is published then put into draft mode afterwards.

There should be an option to discard all active access tokens once a revision is published. This could be appropriate for a global setting as well as a per page setting.

Steps to reproduce

1. Create a new node that has workflow options and can be placed into Draft or unpublished equivalent.
2. Create a new access token for that page.
3. View the link with the token to ensure it is working.
4. Publish the revision of the node.
5. Visit token link to ensure it does NOT work.
6. Create a new revision of the same node and place in Draft.
7. Visit token link. It should work and show the most recent revision.

Proposed resolution

Add either global or per-page option (or both) to discard all access tokens when the revision is published.

Remaining tasks

User interface changes

Would potentially add a checkbox/boolean field to the editing screen of a node, or the global configuration of the access_unpublished module.

API changes

Data model changes

CommentFileSizeAuthor
#3 clear_access_tokens_publish-3336210-3.patch797 byteskuldeepbarot
#2 clear_access_tokens_publish-3336210-2.patch3.13 KBnessthehero

Issue fork access_unpublished-3336210

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

nessthehero created an issue. See original summary.

nessthehero’s picture

nessthehero
he/him
commented
Status: Active » Needs review
StatusFileSize
new clear_access_tokens_publish-3336210-2.patch3.13 KB

I have attached a patch that adds a global option to the settings form for Access Unpublished to clear tokens when a node is published.

Any tokens created while a node is unpublished will be deleted when that node is finally published.

kuldeepbarot’s picture

kuldeepbarot commented
StatusFileSize
new clear_access_tokens_publish-3336210-3.patch797 bytes

I feel there is no need to provide a configuration i.e. cleanup_tokens_on_publish checkbox, instead we can directly delete the tokens when a node is published. Updated the patch from #2.

generalredneck made their first commit to this issue’s fork.

generalredneck’s picture

generalredneck
him/his
Primary language English
Location Texas, USA 🇺🇸
commented
Status: Needs review » Needs work
Issue tags: +Needs tests

Re Kuldeepbarot's comment

I disagree. I feel there is a usecase where users will want to know the past tokens that were availible. Specifically with #3144610: Add a label to the access token and #3394195: Views integration added into the mix. Being given the option is more important.

That said, the current patch does not provide an update hook to upgrade the current configuration to the default of false that is being suggested which may cause a challenge.

lastly, we need some tests for the coverage here.

generalredneck’s picture

generalredneck
him/his
Primary language English
Location Texas, USA 🇺🇸
commented
Version: 8.x-1.4 » 8.x-1.x-dev

mably made their first commit to this issue’s fork.

mably opened merge request !37

mably’s picture

mably commented
Status: Needs work » Needs review
Issue tags: -Needs tests

Some improvements and fixes.

A functional test has been added.

generalredneck’s picture

generalredneck
him/his
Primary language English
Location Texas, USA 🇺🇸
commented
Status: Needs review » Needs work

Needs a quick reroll because of a recent merge. got a couple of conflicts because of the new update hook and what not.

mably’s picture

mably commented
Status: Needs work » Needs review

Rebased and conflicts fixed.

generalredneck’s picture

generalredneck
him/his
Primary language English
Location Texas, USA 🇺🇸
commented
Status: Needs review » Fixed

This one is going into 1.x-dev

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

  • generalredneck committed 6cd0c993 on 8.x-1.x authored by mably 
    feat: #3336210 Add option to discard all tokens on publish

By: mably
By...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.