With the changes introduced in this issue: #3357181: Does not react to role changes, any role change shows a prompt to any user about rebuilding permissions.
We have a few processes on our site that mean that non-admin users can effectively change their own roles. For example, they purchase a membership, so they gain the "member" role upon payment.
These users are receiving a "rebuild permissions" prompt that they don't understand or have the ability to act upon.
I think the warning should only be shown to users who can access the URL the link points towards. If the warning isn't shown, it should be put in the logs instead. (Or better yet: always logged and, when the user can do it, also shown in a message.)
| Comment | File | Size | Author |
|---|---|---|---|
| #7 | 3392037-rebuild-permission-warning-7.patch | 1.15 KB | andre.bonon |
Issue fork content_access-3392037
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
samalander commentedComment #5
gisleSpiffy, thanks for the MR! We need someone using the module and who is bitten by this review it.
Comment #6
spfaffly commented@gisle You're welcome.
I've come across a similar issue and figured this would be the best approach.
This MR basically has a check if the current user has the permission of "access administration pages" and displays that message accordingly.
Any users that don't have this permission won't see this message.
Comment #7
andre.bononHi, I've experienced the same issue with the message being displayed to users who don't have permissions to rebuild permissions. I'm going to apply the patch and let you know if it works.
I'm attaching a patch file from the diff so we can use it with composer.
Comment #8
andre.bononThe fix works for me.
Comment #9
gisleLinked to related issue.
Comment #11
gisleCommitted to the most recent snapshot of 2.0.x-dev.
Comment #13
vipul tulse commented@gisle Guys any plan to release new version with this issue fixed
Comment #14
stolzenhain commentedStrangely, this patch would still show the message to users who definitely weren't being able to access the admin/rebuild page.
Comment #15
gisleReopening, based upon #14.
Comment #16
stolzenhain commentedHello @gisle – thanks for checking on this – the reason we still saw the message was us using Rules successor ECA which switches users for role operation permissions (as seen in the demo feature) – effectively receiving the message while in a temporary admin state.
We fixed this by applying a local patch that removes the message output.
Comment #18
jalipit2 commented@stolzenhain I have nearly the exact same scenario as you using ECA to switch user roles in a temp admin state. Would you mind sharing the patch?