Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.While testing this UI on different permission combinations, I found that there were some misbehaviors. None of these could be used to circumvent the permission handling on the server side, just to give the impression that you are going to do that :) Nevertheless, we should communicate what is really going to happen, so these needed solutions.
1. Double click on a translation that was not selectable (due to not having moderation permissions to moderate that), and seemingly marking all others declined. This was a problem since it appeared in the "view mode" when I had no permission to select any translation and also appeared when I only had partial permissions.
=> I've added an "is-selectable" class to limit which items will the double click handler react. This could have been done in more complex ways with jQuery traversal looking at the disabled radio button, but this class might be useful for other reasons as well.
2. Turns out a string can be is-selectable but not declinable. So you might have a string selected, but cannot decline it when you move to pick another translation variant or double click on another string. This is effectively to let you move back to a string previously approved by someone, which you might not have the permission to approve otherwise.
=> I've added the "is-declinable" as an easy marker as to which items can be declined. Then when moving on to a different string or double clicking, we only mark declinable items declined. This avoid the overstrike effect on strings you cannot actually decline but before the patch it looked like you could.
I think this is now complete in terms of permission adherence. It does look odd in some ways, so I wonder if people with different permission levels will fully grok it. Here is my pet example:
In this case, if I double click on one of the selectables, it will decline all the declinables except the one I selected. That will still leave admin submitted suggestions in there, since I do not have permissions to manage those. This includes the first item in the list. I cannot decline that, but I can keep it approved, since it was already approved (although I'd not have permission to approve it otherwise).
Ps. I also found some remnants of the half-done stabilization feature, which are also removed with this patch.
| Comment | File | Size | Author |
|---|---|---|---|
| permission-actions.patch | 4.23 KB | gábor hojtsy | |
| FunkyPermissions.png | 146.36 KB | gábor hojtsy |
Comments
Comment #1
gábor hojtsyBTW the reason the first was approved by me was that I did that in a previous testing pass, where I had different permissions. There is no issue there that I know of.
Committing the patch.