Problem/Motivation

Drupal 9.3 introduced dependencies of roles on the providers of the permissions.
See:
Permissions can define dependencies
Permissions must exist
#2571235: [regression] Roles should depend on objects that are building the granted permissions

Config Role Split does not currently concern itself with that, but this will most likely lead to the config import not working correctly.

Steps to reproduce

Proposed resolution

Split also dependencies information together with the permission id, or maybe it can be inferred at runtime?

Remaining tasks

Maybe this is best done in conjunction with #3223564: Use config storage transformation API

User interface changes

none

API changes

tbd

Data model changes

tbd

CommentFileSizeAuthor
#5 3223569-5.patch4.86 KBafsch
#3 3223569-3.patch4.35 KBmarcoscano

Issue fork config_role_split-3223569

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

bircher created an issue. See original summary.

bircher opened merge request !2

marcoscano’s picture

marcoscano
Primary language Portuguese, Brazil
Location Barcelona, Spain
CreditAttribution: marcoscano as a volunteer and at Lullabot commented
Status: Active » Needs review
FileSize
3223569-3.patch4.35 KB

I'm not convinced this is all it needs to "make config_role_split work with core 9.3+", but here's a start. With this patch, we make sure the $data['dependencies'] array is always in sync with whatever permissions are left after applying the filter. (I say there may be other things needed since core 9.3+ DB updates seem to mess around more than expected with roles (at least in the project I'm working on), so some level of manual adjustment may be necessary when doing the upgrade itself, and then this patch could (hopefully) make things not break in the long-run).

Would appreciate feedback on the approach, since I'm not really not familiar with this system. Thanks!

marcoscano’s picture

marcoscano
Primary language Portuguese, Brazil
Location Barcelona, Spain
CreditAttribution: marcoscano as a volunteer and at Lullabot commented

I was also not sure if the config_role_split.role_split.* objects themselves should have dependencies that match the permissions they contain? It seemed a bit redundant to me, but maybe that's the correct way to move this patch forward, not sure.

afsch’s picture

afsch
Location Otavalo
CreditAttribution: afsch as a volunteer and at Lullabot for State of Georgia commented
FileSize
3223569-5.patch4.86 KB

Using with Drupal 9.4.5, re-rolling the patch adding an extra verification of the $data.

I was getting the following error:

 The .yml files in your export directory (../data/_config-splits/default) will be deleted and replaced with the active config. (yes/no) [yes]:
 > 

 [warning] Undefined array key "id" RoleSplitFilter.php:84
 [warning] Undefined array key "permissions" RoleSplitFilter.php:88
 [warning] Undefined array key "id" RoleSplitFilter.php:88
pfrenssen’s picture

pfrenssen
Location Sofia
CreditAttribution: pfrenssen at Liip commented

I didn't have the chance to review the code, but the patch works on Drupal 9.3.