Split permissions for product attribute config and value content entities [#3126885]

A bit of a spiritual follow-up to #2904459: Product attributes edit but not create - the ProductAttribute config entity and ProductAttributeValue content entity share a single admin permission, administer commerce_product_attribute. This results in users (e.g., content moderators/editors) making updates to the config entity such as changing an attribute name, which when using a deployment strategy that imports config (e.g., assumes config changes will be made in dev and pushed to production) these changes will be overwritten.

I think it would be sensible to split these permissions (or at least dynamically support such a differentiation) to avoid a WTF condition on the part of developers and non-technical end users.

Issue fork commerce-3126885

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

8.x-2.x changes, plain diff MR !239
Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

11 April 2020 at 21:23

bradjones1 created an issue. See original summary.

Comment #2

bradjones1

English

commented 11 April 2020 at 21:23

Comment #3

mhawwari commented 6 August 2020 at 07:59

I find the permissions split also necessary in my case for giving specific roles access to translate the attribute value entities without needing to give them the "Translate configuration" permission.

Comment #4

rszrama commented 22 March 2022 at 12:56

+1 from me, too. Thanks, guys!

Comment #5

tcrawford commented 13 March 2024 at 08:22

Assigned:

Unassigned

» tcrawford

Comment #6

13 March 2024 at 09:56

tcrawford opened merge request !239

Comment #7

tcrawford commented 13 March 2024 at 09:57

Assigned:	tcrawford	» Unassigned
Status:	Active	» Needs review

Comment #8

tcrawford commented 13 March 2024 at 10:00

I have added a proposed solution (MR 239) where I have split the permissions and modified the existing ProductAttributeForm. There are certainly places this approach could be improved. I would appreciate a code review. Thanks in advance.