Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When you create a role name that already exists a raw SQL error is shown. Drupal should check if a role exists before attemping an insert.
Comment | File | Size | Author |
---|---|---|---|
#25 | duplicate_role_name_47_1.patch | 5.9 KB | edmund.kwok |
#23 | duplicate_role_name_47.patch | 2.31 KB | edmund.kwok |
#19 | duplicate_role_name_11.patch | 4.54 KB | edmund.kwok |
#18 | duplicate_role_name_10.patch | 4.55 KB | edmund.kwok |
#16 | duplicate_role_name_9.patch | 4.55 KB | edmund.kwok |
Comments
Comment #1
Uwe Hermann CreditAttribution: Uwe Hermann commentedConfirmed in HEAD.
Comment #2
edmund.kwok CreditAttribution: edmund.kwok commentedPatch checks if role name exists in two instances:
1. When adding new role - if role name exists, display error.
2. When editing existing role - if role name exist, but is not the original name, display error
Patch from http://drupal.org/node/58860 also applied to show edit role form if error occurs during role editing.
Comment #3
edmund.kwok CreditAttribution: edmund.kwok commentedStatus change
Comment #4
edmund.kwok CreditAttribution: edmund.kwok commentedPatch was abit broken, saving of edited role with new name was not working. New patch fixes this.
Comment #5
edmund.kwok CreditAttribution: edmund.kwok commentedPatch rerolled to latest HEAD and changed 'exist' to 'exists'.
Comment #6
edmund.kwok CreditAttribution: edmund.kwok commentedRerolled from root to latest HEAD.
Comment #7
pwolanin CreditAttribution: pwolanin commentedquick review- shouldn't this new code be in a separate validate function instead?
Actually, it looks like this entire function has an unfortuante mixing of validate and submit code.
Also, I think this query may be faster (more expert comments welcome), since there is an index on the name column:
rather than the one you use:
Comment #8
pwolanin CreditAttribution: pwolanin commentedoops, should be:
Comment #9
edmund.kwok CreditAttribution: edmund.kwok commentedThanks for taking a look at it.
Yeah, I think using COUNT(*) would be more efficient, but only can be used when adding roles. The rid would need to be returned when editing a role to ensure the same role name could be saved. In that sense, if seperating to a new function, it would be two different functions for the different purposes. IMO it is not necessary as the functions are not used anywhere else.
I also agree that the role adding/deleting workflow could also be improved (eg using _submit and _validate hooks) but that is for another issue.
This patch uses COUNT(*) in the sql query to check for duplicate role names when adding a role as suggested. db_query returns resource regardless the query is empty or not. Hence, db_result was used to fetch the result. Is there a better way to do this?
Comment #10
pwolanin CreditAttribution: pwolanin commentedI think the first part of the patch could be simplified a bit- you have duplicated code there that's unnecessary. something like:
Comment #11
pwolanin CreditAttribution: pwolanin commentedpatch attached for 5.0/HEAD. Some quick testing seems to show that it fixes the bug. Please review.
The function user_admin_role is clearly an ugly relic of pre-4.7 pre-FPAI code. But, as you said, fixing that is an another issue. Obviously this code should be broken out into form, validate, and submit functions.
Comment #12
edmund.kwok CreditAttribution: edmund.kwok commentedpwolanin's patch achieved the same results with less code :)
Keeping up with HEAD. When saving an edited role, status message is now 'The role has been renamed.' instead of 'The changes have been saved.'. Another change was passing $id as a separate parameter when checking if the role name exists.
Comment #13
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedmakes sense to me and is apparently tested by the author.
Comment #14
Dries CreditAttribution: Dries commentedIMO, this kind of validation should happen in the validate functions. If not, it can still go wrong with programatically submittable forms. Not?
Comment #15
pwolanin CreditAttribution: pwolanin commented@Dries- I agree that this function badly needs to be refactored into _validate, _submit, etc. functions. I'd be happy to take that on as a separate issue (for 5.x/HEAD), but we should quash this actual bug in 4.7.x and 5.x first.
Comment #16
edmund.kwok CreditAttribution: edmund.kwok commentedpwolanin raised the issue up in #7 and we agreed that separating it to the submit and validate patch should be tackled in another issue. But since Dries raised the matter up, I thought we could just fix it altogether. Underlying codes are the same as the previous patch, just changes here and there to make it work with the functions. Please review
Comment #17
pwolanin CreditAttribution: pwolanin commentedYes, probably better to do this real refactoring, though I think the prior patch should be applied to 4.7 since I'm guessing killes won't want to commit such substantial changes when a simpler bug fix will do.
Also, I think in function user_admin_role_submit, you shouldn't call drupal_goto directly, but rather return the path following these instructions from the Forms API guide:
Comment #18
edmund.kwok CreditAttribution: edmund.kwok commentedYeah, probably the bugfix would be more appropriate for 4.7.
Oh yeah, missed out the drupal_goto. Thanks, any other issues?
Comment #19
edmund.kwok CreditAttribution: edmund.kwok commentedIssue still applies to beta1, rerolling patch.
Comment #20
edmund.kwok CreditAttribution: edmund.kwok commentedComment #21
Dries CreditAttribution: Dries commentedCommitted to CVS HEAD. Thanks guys!
Comment #22
pwolanin CreditAttribution: pwolanin commentedneeds to be backported to 4.7, either the initial (minor) fix or the more substantial one that went into 5.x
Comment #23
edmund.kwok CreditAttribution: edmund.kwok commentedBackported to 4.7. Patch is based on minor bug fix as in #12. If refactored code is preferred instead, I don't mind backporting it.
Comment #24
killes@www.drop.org CreditAttribution: killes@www.drop.org commenteda properly doen FAPI form woudl be preferable, I think.
Comment #25
edmund.kwok CreditAttribution: edmund.kwok commentedNew 4.7 patch. All done in FAPI glory as much as 4.7 allows :)
Comment #26
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedthanks! Since it is a rather large change, i'd like a second person to test this patch before committing it.
Comment #27
edmund.kwok CreditAttribution: edmund.kwok commentedSure :) We'll set this back to the review queue then.
Comment #28
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedtested myself: Works, applied.
Comment #29
(not verified) CreditAttribution: commented