Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
Now we've fixed #2833562: Installing modules using the ConfigImporter does not work this exposes another interesting issue. Content created during an install occurs before any users exist meaning it is all owned by user 0! This will occur if you are using something like the Config Installer or just have the default content as part of an install profile.
I think this is a major bug because content being owned by the anonymous user can cause very odd security issues if perms are set up oddly.
Proposed resolution
Ideally I think we'd add an extra install step after the site configuration form - which creates user 1 - where default content would be created. Not sure if this is possible. It's not possible.
Create the required user 1 and delete it? A bit hacky but better than the alternative.
Remaining tasks
User interface changes
API changes
Data model changes
| Comment | File | Size | Author |
|---|---|---|---|
| #13 | 2872278-13.patch | 12.26 KB | alexpott |
| |||
Comments
Comment #2
alexpottThere's no way for a module to hook into
install_tasks().Comment #3
alexpottHmmm but
user_install()creates user 1 so why is this not working...Comment #4
alexpottAh lol...
These UUIDs are not going to be the same - so I guess we're falling back to user 0 because we just don't know and this is the logged in user. This feels wrong. But offers solutions.
Comment #5
alexpottSo we have a problem even in the tests... here's proof... the node we create should be owned by user 2 - it's not.
Comment #7
alexpottI think this exposes a bug in the denormaliser - if the user doesn't exist it shouldn't fall back to user 0 it should fallback to the logged in user.
Comment #8
alexpottWell that's fun. I think user 1 should be portable so I think we should always reference it by ID and not UUID but here's a fix self contained to the default content module.
Comment #10
alexpottFixing the test groups and some coding standards.
Comment #11
alexpottLol after all the messing with normalisers whilst I think that we might consider user 1 to be a special case in the Hal and other core normalisers we don't actually need to do that here.
We can just detect if the entity uses EntityOwnerInterface and default the owner to user 1. Yes this means you can't create content owned by user 0 via default content but I think that that is a super edge case.
This also means that for import #2861591: Export content as user 1 when running in a CLI context is kinda superfluous and we might consider the account switcher for export too.
Comment #12
larowlanThanks @alexpott, looking good to me.
I'm sure Berdir and I came across this issue once before, fairly sure we used to have the assert for $node->uid === 2 in the test, can't recall why we didn't come back to it.
nit: Please use $this->entityTypeManager->getStorage('user')->load() instead of the singleton in case we want to unit test this in the future.
Comment #13
alexpott@larowlan - nice catch
Comment #14
larowlanlooks good to me, thanks again @alexpott
Comment #15
andypostIt looks great! Gonna commit soon!
BTW fallback to uid1 is more secure then anonym.
And this needs follow-up to made fallback configurable
Comment #16
alexpottMaking the fallback configurable is kinda interesting. It means that the default_content module would have to depend on that user existing.
Comment #17
andypostHere 2 examples
- bunch of stage content exported to use as "fixture" but I wanna all owners to be assigned to uid=2 (kinda obfuscation)
- fallback to load user by ID when no uuid found and fallback to `--run-as` for drush operations
Comment #18
alexpott@andypost sure but you still have the problem of ensuring that the user exists when installing. Imo the fallback feature should also include exporting the user :)
Comment #20
andypostCommited, thanx for contribution!
@alexpott yes, better use export filters/modifiers