This is a follow-up in response to #1188388-107: Entity translation UI in core comment 107.
Problem
We identified a set of desirable aspects the ET access control system will need to satisfy:
- We want to support both a simple translation model, where translations are "normal" content and are handled the same way no matter which language they are assigned, and an editorial translation model where content admins would have full powers on content, while translators would enter translations only for a (possibily strict) subset of the entity fields (see this analysis for details).
- We need to keep the edit and translate actions separate at access control level because this is the only way to provide a straightforward permissions set allowing site builders to easily implement the translation models described above.
- We need more granularity in defining translate access, ideally all the CRUD operations should have a dedicated permission.
- We want to be able to provide per-bundle translation access control where needed.
- We want to keep the permissions page clean and avoid bloating it by adding per-bundle translate permissions for each operation for any defined entity type, as many of them might not need those. Moreover this might generate confusion as a site builder might ask herself why she has not the ability to assign edit permissions per-bundle for a certain entity type, while it's possible to limit translation access per-bundle for the same type.
Proposed resolution
To address the first two points we just need to provide different routes, associated with different access callbacks (or whatever they are called today), for editing and translating an entity. Both of them would exploit the entity form controllers to present the user an entity form, which as usual would show only the elements the user has access to.
A user with edit permissions will be able to access the edit router path in any language, thus retaining the contextual editing, which is one of the major wins of multilingual entity forms on the UX side. A user with translate permissions would instead have access to the translation overview and to the translation form, a stripped down entity form where only the multilingual elements are displayed, only the ones the user has access to obviously. In this scenario edit permissions would take precedence over translate ones, hence a user having both would access the edit form also from the translation overview, instead of the translation form.
This approach would be fairly transparent to the user (actually this is already happening in core, as translation creation is performed on a different route than editing), and would allow to choose between the two models described above by just assigning the correct permissions to the various roles.
Wrt to the permission set exposed in the permission page we just need to provide the following: access|create|edit|delete translation and delegate a more granular distinction to the single entity types. For instance Node may expose a single generic 'translate' permission for each content type, which, combined with the generic ET ones, would allow to set all combinations of access to the CRUD operations for translations with bundle granularity. OTOH User might not provide any translation-related permission and just rely on the ET ones. From the implementation perspective we just need to adjust the logic in the EntityTranslationControllerInterface::getAccess()
method. The base implementation will rely only on the ET permissions while subclasses might extend its logic as needed.
Background information
- Detailed analysis: https://docs.google.com/spreadsheet/ccc?key=0ApOIu-ZZlUJudHFwaDF4T1NhM3R....
- Analysis summary: #1829630-21: Improve workflow permissions (match D8 solution).
- Analysis discussion on IRC.
Remaining tasks
Define the new access system model and the related permissionsImplement itAdd test coverageFurther discussion. #53-55 seem to disagree with the current approachPostponed on above, the usual rinse and repeat:(several) review patch.Review Task doc: http://drupal.org/node/1488992(novice) manually test the fix/patch.Manually Test Task doc: http://drupal.org/node/1489010
Related issues
#1498724: Introduce a #multilingual key (or similar) for form element
#1793520: Add access control mechanism for new router system
User interface changes
None.
Screenshots:
API changes
ET access has been refactored to deal with the new permissions.
Comment | File | Size | Author |
---|---|---|---|
#171 | et-workflows-1807776-171.patch | 1.68 KB | plach |
#169 | Screen Shot 2013-01-29 at 10.26.06 PM.png | 43.13 KB | webchick |
#166 | et-workflows-1807776-166.interdiff.do_not_test.patch | 2.12 KB | plach |
#166 | et-workflows-1807776-166.patch | 62.18 KB | plach |
#160 | et-workflows-1807776-160.interdiff.do_not_test.patch | 1.85 KB | plach |
Comments
Comment #1
plachComment #2
BerdirAs commented over in #1188388: Entity translation UI in core, I think this feature should be optional. The easiest way that I can think of for this is to have a global checkbox (could be per entity type too, but that's not that important) that is disabled by default. And only if you check it, then it will actually check this permission. You still have to configure it, but then at least you know it and only have to do it because you do want to prevent some users from editing the original content. Or an optional module and instead make the permission check pluggable, if there's more functionality that's specific to that workflow?
Because I assume that most sites will not use this feature.
Trying to automatically assign permissions sounds problematic, what happens when you add an additional role?
Also, I think if you need a feature like this, you're probably not far away from requiring something like our TMGMT project (with the still-not finished local translator :() that allows you to manage the translation progress, assign jobs to translators, review their work and so on. Not sure how far core should and can go in that regard.
Comment #3
Berdircross-post.
Comment #4
plachTBH I did not think deeply about whether we would actually need this feature in core or not: you are totally right that it supports workflow use cases that generally will require complex functionalities like the ones provided by TMGMT.
If we want to stick close to what core provides right now, we do not need this feature. In core you create translations and mark them outdated. You can access the translation overview but you need the edit permission to actually manipulate node values.
One functionality that we would missing, though, is that with just core translators can own a node translation created by someone else beforehand and work only on that one. This could be replaced by per-language ownership, hopefully.
Instead the 'edit original values' permission would allow for a '(just) translate any entity or a specific entity-type' workflow.
However both are ways to provide a basic workflow capability to plain core. I guess we need to retain some basic stuff working.
Edit: obviously we still need the 'edit shared fields' permission to turn a language-aware entity form into a translation form. I guess we can apply a similar argument for this and decide we just want an option (or maybe not even that) to hide form elements dealing with non-multilingual stuff, leaving permissions out of this.
Comment #5
plachBtw, I guess this is the kind of product-oriented discussion that could benefit from a feedback from the Usability team.
Comment #6
Bojhan CreditAttribution: Bojhan commentedI had to rewrite my comment on this a few times :) Its a though call.
I definitely don't think we should do this by default, as it introduces quite a hairy UX. However I also see it as a valuable addition to core, if you do need to get this workflow. Especially considering the many "institutions" that use Drupal, they often require very formal workflows where editing the original is definitely not allowed. In the end introducing this feature, will simplify the workflow significantly for content creators who do live with those restrictions.
I could buy-in to a checkbox, I generally don't like *magic functionality* checkboxes. But here its to support a important use case, and doesn't necessarily have to sound crazy (e.g. Add per-language content editing permissions).
Comment #7
plachIIUC we would have a checkbox in the bundle settings saying something like "Enable translation workflow" that would make permissions be applied and suddenly appear in the permissions list, right?
Comment #8
plachWe decided to go on with this one and making it optional (defaulting to FALSE), since this is bound to feature freeze. After proper UX testing we should be able to understand whether we still want this one.
Comment #9
plachI will work on this.
Comment #10
YesCT CreditAttribution: YesCT commented@plach did you have a patch to post on this?
Comment #11
plachI'm planning to post a patch for this during the upcoming weekend. @bforchhammer will help us with code reviews and coding, if needed.
We are discussing the very same topic for D7 in #1829630: Improve workflow permissions (match D8 solution) and we should be able to forward-port the approach we agree upon here.
Comment #12
plachAfter studying bforchhammer's analysis concerning ET permissions and discussing this in IRC, I radically changed my mind about this issue.
We identified a set of desirable aspects the ET access control system will need to satisfy:
After having this set of goals in front, the way to go appears more clear to my eyes :)
To address the first two points we just need to provide different routes, associated with different access callbacks (or whatever they are called today), for editing and translating an entity. Both of them would exploit the entity form controllers to present the user an entity form, which as usual would show only the elements the user has access to.
A user with edit permissions will be able to access the edit router path in any language, thus retaining the contextual editing, which is on of the major wins of multilingual entity forms on the UX side. A user with translate permissions would instead have access to the translation overview and to the translation form, a stripped down entity form where only the multilingual elements are displayed, only the ones the user has access to obviously. In this scenario edit permissions would take precedence over translate ones, hence a user having both would access the edit form also from the translation overview, instead of the translation form.
This approach would be fairly transparent to the user (actually this is already happening in core, as translation creation is performed on a different route than editing), and would allow to choose between the two models described above by just assigning the correct permissions to the various roles.
Wrt to the permission set exposed in the permission page I'd suggest to provide just the following: access|create|edit|delete translation and delegate a more granular distinction to the single entity types. For instance Node may expose a single generic 'translate' permission for each content type, which, combined with the generic ET ones, would allow to set all combinations of access to the CRUD operations for translations with bundle granularity. OTOH User might not provide any translation-related permission and just rely on the ET ones. From the implementation perspective we would just need to adjust the logic in the
EntityTranslationControllerInterface::getAccess()
method. The base implementation would rely only on the ET permissions while subclasses might extend its logic as needed.I think this approach would nicely satisfy all the goals depicted above, while still keeping things easy and familiar for site builders.
I could work on the implementation sunday afternoon if I get positive feedback about this proposal. Comments?
Comment #13
YesCT CreditAttribution: YesCT commented@plach the summary of new approach in #12 is thoughtful. The enumerated goals make sense and are a good direction IMO. Number 5 is going to be interesting to see.
Comment #14
BerdirThat means we neither need the edit original permission nor a checkbox to enable a more complex workflow, right? Sounds great to me, my main problem here was that enabling a module messes with the required permissions of something that worked before. That's not something you expect (unless it's a module that's supposed to do exactly that, like node permission modules ;))
Having to give users new permissions to use new features from a new module on the other side is the normal and expected workflow, so that's fine.
Comment #15
bforchhammer CreditAttribution: bforchhammer commented@plach and I just discussed some of my remaining concerns:
1) Having different routes means that there will be different pages on which the same entity values can be edited. My concern (or question rather) was whether this will make it any more difficult for developers to "override things". Most likely this won't be a problem, because both pages would still use the same entity form, which can be changed via hook_form_alter().
2) If we think about "access to entity values" being the resource which we are trying to restrict access to, then the proposed setup will cause an overlap: capabilities of the "translate" permission will be completely contained within the ones of the "edit permission" (as far as "entity values" are concerned). I think, it's generally better to have non-overlapping permissions, because they are easier to comprehend, explain, debug, extend. On the other hand, it does make sense for 'edit' to grant access to translation values, considering the two workflows which we want to support. Also considering that (with the new router system allowing multiple access callbacks) the behavior could be easily changed in contrib, it's more important to support our two main use-cases well.
So I think the proposal above is a good way forward!
Comment #16
plachHere is a first draft. Tests needs to be updated.
Comment #18
plach#16: et-workflows-1807776-15.patch queued for re-testing.
Comment #20
plach@Berdir found out what is failing :D
Comment #21
plachI definitely need some sleep :(
Comment #22
plachwtf
Comment #24
plachLet's try this.
Comment #26
plach(Hopefully) Fixed the last failing test.
Comment #27
BerdirI like the approach a lot. The entity type specific permissions make a lot of sense to me, although it's kinda ugly to have these module exists checks in hook_permissions(). Not sure if we could come with a pattern that would make this a bit nicer, like a method on the translation handler that is called in translation_entity_permission()? Could also have a default translate $entity_type permission...
We should also add descriptions to the entity type specific permissions to say that users also need the global translation permissions. And maybe a description to those noting that you might need the specific ones :)
Speaking of entities, I think this module (and now also Entity Reference which is close to being commited) are the first to actually use the term entity in the UI, which I assume might be quite confusing. Are there any plans/issues about that? For example the module name, I think Gabor always talked about a "Content translation" module (blocked by the existing one, of course), or something along those lines. Maybe we can also use that for permission and other UI's? We actually do have the concept of ContentEntity in core as well now, so it's not even that far off. There's the problem that we already use content for nodes in the UI, though :)
Not something that belongs here anyway, the entity is already in the permission name, we're just renaming them a bit around that.
Not sure if this is a feature request or a task but I hope we can get this in after dec 1 either way :)
Comment #28
bforchhammer CreditAttribution: bforchhammer commentedI just tested the patch with node and comment translation, and the permissions seem to do their job beautifully :)
Attached patch contains the following changes:
CommentTranslationController::getAccess()
andTermTranslationController::getAccess()
to fix visibility of links on comment translation overview pagetranslation_entity_overview()
.Warning: Missing argument 2 for Drupal\translation_entity\EntityTranslationController::entityFormSharedElements()
(appeared when translating a comment)translation_entity_edit_access()
andtranslation_entity_delete_access()
, so they cannot be accessed for the original entity language.Remaining issues:
translation_entity_translate_access
totranslation_entity_overview_access
to align it with the naming of other access functions?hook_entity_info_alter()
is now only used for the"$path/translations"
router item. So can we move it intohook_menu
or am I missing something?getTranslationAccess
)?Is this one actually used anywhere at the moment?
Comment #29
BerdirSounds like we're missing test coverage, not surprisingly :) Any chance we can easily add some test coverage for the things you found?
Note: I usually use -interdiff.txt for my interdiff's, much shorter than interdiff-do-not-test.patch :) Dreditor works fine with .txt files.
Comment #30
bforchhammer CreditAttribution: bforchhammer commentedMaybe we can start with some tests for the "pure translator" role (i.e. testing the new route). It's going to be hard to cover all combinations ;-)
I'm just following @plach's file-naming convention there :)
Comment #31
plachHere is a new one fixing #28/5 and providing test coverage. We should be more or less ready to go.
Comment #32
plachComment #33
plachComment #35
plachThis should fix failing tests and improve test coverage.
Comment #36
plachComment #37
plachNo more necessary, now the access check in there is way more generic.
I think we want to retain the ultimate ability to swap it with something different. However we can revisit this when the access system for the new routing is in place for the relevant routes. I think at that point we could even limit edit access for non-default languages to users having the 'update translations' permission. This would cleanly separate altering entity values in the original language and in other languages.
That one has been dropped in the latest iterations.
I think we need multiple access callbacks for this, i.e. waiting for all the routes to be converted to the new system.
Just an oversight. This should now be fixed and test-covered.
Comment #37.0
plachUpdated issue summary. added direct link to comment 107
Comment #37.1
plachUpdated issue summary.
Comment #37.2
plachUpdated issue summary.
Comment #37.3
plachUpdated issue summary.
Comment #39
plach#35: et-workflows-1807776-35.patch queued for re-testing.
Comment #40
BerdirLooks nice, yay for more test coverage!
I hope we can get rid of the non-translate access stuff on the translation controllers soon now that we have the entity access controller. Not sure about the translate related access stuff, not sure how extendable the controller is.
What is this for exactly? Why does it matter how those users are called?
Comment #41
plachI think we'll have to wait until all the entity types are actualy implementing the access controllers, I tried to use plain access controllers but almost nothing worked. I'd like to avoid postponing this on that one.
I think it can serve as good foundation to implement the feature, once we understand whether entity translations will be full-fledged entity objects we can rely on those and remove the special casing here or just have a separate translation access controller provided by ET that modules can extend if the y wish to do so. I'd totally prefer the former approach.
It's not a crucial change, but it's handy for assert messages. It makes more clear which "role" the users are covering in the various assertions. I think it's a harmless change :)
Comment #42
YesCT CreditAttribution: YesCT commentedI listed this issue on #1860522: [META] support (basis for a contrib) Translation Editorial Workflow (support for revisions for translations of entities)
Comment #43
YesCT CreditAttribution: YesCT commentedComment #44
plachAny chance to get an RTBC or a NW, here? ;)
Comment #44.0
plachUpdated issue summary.
Comment #45
bforchhammer CreditAttribution: bforchhammer commentedI've scheduled some drupal time for wednesday, so hopefully I'll manage to do a review then. :)
Comment #46
bforchhammer CreditAttribution: bforchhammer commentedI just tested the patch again with different combinations of permissions (and all core-entities), and I have to say I really like the approach. It supports the mentioned models quite well :)
Attached patch fixes a number of documentation issues, and adds descriptions for translate permissions as suggested by Bojhan in #27.
Overall code and tests look good to me. The only remaining issue I found was with node previews: translators (i.e. users without editing capability) do not get previews for translations because of
node_access()
checks innode_preview()
. (There also was a fatal error before, which I fixed by adding amodule_load_include
statement toNodeFormController::preview()
).Edit: the "do_no_test.patch" is the interdiff.
Comment #47
bforchhammer CreditAttribution: bforchhammer commentedNW based on #46 (node preview issue).
For reference, here's the respective meta issue: #1818580: [Meta] Convert all entity types to the new Entity Field APIFor reference, these are the respective issues:
#1862758: [Followup] Implement entity access API for terms and vocabularies
#1862750: Implement entity access API for nodes
#1862752: Implement entity access API for users
#1862754: Implement entity access API for comments
And we already have a follow-up issue as well: #1810320: Remove EntityTranslationControllerInterface::getAccess() once have entity access
Edit: updated the issue links above.
Comment #48
BerdirActually, Entity Field API isn't a requirement here. The issues mentioned in #1696660-117: Add an entity access API for single entity access are.
The descriptions wording could be improved a bit, I think. Maybe Bohjan has some suggestions?
Comment #49
Bojhan CreditAttribution: Bojhan commentedCan I have an image?
Comment #50
bforchhammer CreditAttribution: bforchhammer commentedSure :-)
Comment #51
Bojhan CreditAttribution: Bojhan commentedI don't follow, why we are even adding these descriptions. We don't do that for others things either, e.g. saying on "Article: Delete any content" that you will need "View published content" and/or "View own unpublished content", it sounds like we are adding circular descriptions.
Comment #52
tstoecklerIt seems that should be form_load_include()?
Comment #53
BerdirBecause they are permissions from completely different modules/groups. E.g, to translate Articles, you will need both "Article: translate any content" and "* translations" from the translation_entity module. As discussed above, this is a flexible model but it's not very intuitive when you look at that page and just see "Article: translate any content".
Comment #54
Bojhan CreditAttribution: Bojhan commentedWhy don't we just have the proper fix, which is to have tity translation Create/edit/delete per content type - rather than a generic toggles and a "do everything" permission for a specific content type :)
However as that might be out of scope, I would honestly just remove them and possibly move this workflow issue over to #1810386: Create workflow to setup multilingual for entity types, bundles and fields. This is a off pattern, and to me is more confusing than helpful as you are left scanning all over the page for each permission. I haven't see us do this for other "across categories".
Comment #55
tstoeckler#54, i.e. have access/create/edit/delete permissions per entity type, sounds like a good idea to me and also makes the set-up more flexible, i.e. you trust your users enough that they can delete comment translations but not node translations, but they can still create and edit node translations.
That would make the permissions page more unwieldy as it already is, but that page needs unwieldification anyway, so that shouldn't be a blocker IMO.
Comment #56
plachBenedikt and I deeply discussed this in IRC after his analysis, and we explored also the solution @Bojhan is suggesting. The problem with it is that we would be splitting access control configuration between the page which is dedicated to it (the permissions page) and a regular configuration page, which IMHO can be even more confusing than having combined permissions.
The problem with this approach, as explained in the OP, is that for some entity types we want bundle granularity, but defining 4 permissions for each defined bundle in the site will easily make the permission page explode. Moreover we would easily end-up with entity types that provide per-entity-type edit permissions and per-bundle translation permissions, which would be inconsistent and confusing.
This is possible also with the current proposal, it would just be matter of creating two roles: comment translator and node translator.Edit: it's true, but this looks a fairly advanced use case that could be solved by installing a module expanding on the Entity Access API.
Comment #57
plachRerolled, let's whether the bot is happy (this is stil NW per #46, however).
Comment #58.0
(not verified) CreditAttribution: commentedUpdated issue summary.
Comment #59
plachThis should fix failing tests and the preview issue. If we could have a feedback about #56 it would be great.
Comment #60
Gábor HojtsyPut on D8MI sprint board.
Comment #60.0
Gábor HojtsyUpdated issue summary remaining tasks
Comment #61
plach#59: et-workflows-1807776-59.patch queued for re-testing.
Comment #63
plachRerolled
Comment #65
plach#63: et-workflows-1807776-63.patch queued for re-testing.
Comment #66
BerdirThe changes look fine to me, the user role name feature is a bit off-context but small enough and certainly useful.
The main thing I'm a bit sad about is that we are implementing access checks here although we have a new system for this, issues to convert the existing functions and we should instead push those, not improve the workaround that we don't have one :)
Comment #67
Gábor HojtsyI agree having the global access/create/delete/edit permissions and only one "translate X" permissions to couple them for entity bundles is good. It keeps the permissions under a reasonable number. While it does not allow for crazy use cases where you can delete comment translations but not node translations, and it needs some cross-permission allocation, I think its overall cleaner than having 4 permissions for each bundle.
What I'm not comfortable with is the access permission that is added but then not used anywhere. Adding that without using it would definitely set up false expectations (eg. you could hide all translations by not granting that), so I'd not go into adding it without using it. Only add it if we use it.
Otherwise looks good to me :) Extensive tests too :)
Comment #68
plach@Berdir:
I agree, but this is a feature, those are tasks: this is subject to a deadline. I'll be happy to reroll this if those issues are fixed before this one.
@Gabor:
Great, I'll drop the "view translation" permission ASAP.
Comment #69
plachRemoved the view permission as per #68, improved the permission descriptions a bit and fixed a couple of issues I found reviewing my own code.
Comment #70
plach@Berdir:
About removing all those ugly
module_exists()
: #1446382: Need a reliable way to determine if a specific bundle for an entity type is translatable.Comment #72
plach#69: et-workflows-1807776-69.patch queued for re-testing.
Comment #73
plach@Gabor:
Are we missing anything to RTBC this?
Comment #74
Gábor HojtsyLooks all good to me :)
Comment #75
plach:)
Comment #76
webchickI don't have time to review this just now, but I'd like to loop this feature in under the "pre-thresholds explosion that is blocks as plugins fall-out" feature RTBC exception because plach did an AMAZING job getting us under thresholds the past couple weeks, and don't want his pet patch to suffer as a result.
Comment #77
plach@webchick:
I really appreciate it but to be honest this went RTBC today so I ain't sure it deserves this treatment :)
Comment #77.0
plachUpdated issue summary.
Comment #78
YesCT CreditAttribution: YesCT commentedI can confirm that the most recent patch acomplishes the goals in the issue summary.
here are some updated screen shots.
ps. I think it meets the criteria anyway (#35) it had a good patch before dec 1 and lots of progress in the weeks before.
Comment #78.0
YesCT CreditAttribution: YesCT commentedFixed typo
Comment #79
Bojhan CreditAttribution: Bojhan commentedI see my concerns where never addressed. All these messages sound way to excessive.
Comment #80
plachI tried to address your concerns in the latest patch, if the messages aren't good enough please provide suggestions, otherwise I am afraid this will be stuck in NW state indefinitely.
Comment #81
YesCT CreditAttribution: YesCT commented1) How about:
1a) "Role requires permission to create translations, edit translations, or delete translations."
It does shorten the message.
That would be similar to "Role requires permission to view revisions and delete rights for nodes in question, or administer nodes." which is and others similar to that are using.
1b) OR.. we could say See also: general translation permissions. and link to the name anchor on the page: #module-translation_entity
2) Would it help to have someone new to this patch test it to see if they found it confusing? I played with various combinations of permissions for about an hour and was able to figure out how to get each the simple and the editorial workflow configured and customize them further.
3) We can also add some hints to the help page, if people thought that would help.
Comment #82
Bojhan CreditAttribution: Bojhan commentedI dont know, I just dont get at all why we are adding this. We don't do it a whole lot for any other permissions, that require other permissions.
Comment #83
YesCT CreditAttribution: YesCT commented@Bojhan I went back to re-read your comments.
When you say we don't do it a whole lot for other permissions, I think you gave an example in #51
I looked at that case. Yep. Without view published content cannot delete (even when using just the url /node/X/delete).
Revisions say:
"Delete all revisions
Role requires permission to view revisions and delete rights for nodes in question, or administer nodes."
So... perhaps that means we need to add (oh, that's going to make you cringe) similar text to the Article delete permission!
I guess there are more implied dependencies that I was not aware of. Seems view published content is a dependency of the translation permissions too... Maybe that is the so prevalent that it's an exception not to list it as a dependency?
It probably does not bother many people because the view published content permission is on by default.
Is there another example of a hidden dependency besides View published content?
I know in the past I have wanted to be able to control view (the Read in CRUD) by content type and had to use some contrib, custom modules, and/or TAC to do that.
What would be the repercussions of putting this in as is, and then doing a follow-up to unify the way permission dependencies are handled in the ui, since there is a mix right now of help descriptions that list some, and some without. Maybe... a ui like the modules page, where extra info is collapsed under the permission name? It could list descriptions/help text and the dependencies there.
Comment #84
Bojhan CreditAttribution: Bojhan commentedExactly, and I am proposing to not go down that road and just rely on documentation for this.
Comment #85
Gábor HojtsyAll right, let's drop the dependency descriptions from this patch and then either do a user test on whether people get it this way to prove it works and/or figure out a way to display the dependencies more like the modules' page as @YesCT says. Looks like no other complaints with this patch :)
Comment #86
plachJust a clarification: should I drop all the descriptions or just the enty-type-specifc ones?
Comment #87
plachRemoved all descriptions.
Comment #88
Gábor HojtsyLooking at interdiff, looks like "Configure translatability of entities and fields." provides extra info for the permission and does not go under Bojhan's concerns for cross-permission descriptions, so I think that should still stay. The rest are explaining permission dependencies / combinations that Bojhan was concerned about. So I'd put back "Configure translatability of entities and fields." assuming the resulting patch would satisfy Bojhan's concerns.
Comment #89
plachHere it is
Comment #90
Gábor HojtsyI believe this satisfies Bojhan's concerns fully as well. So back to RTBC then.
Comment #91
webchickJumping into this patch blind (er. as blind as someone who's reviewed probably 70-80% of the multilingual issue can be :P~) without reading the issue (though I did scan the summary) so I can replicate a new user experience (as I try to do). Sorry if I say things that were already said. Sorry too for the sort of "stream of consciousness" review.
First, I had a momentary freak-out that I couldn't find the multilingual modules, but there they are at the bottom of the page now. :D I enabled all of them, accidentally coming across #1884936: Modules page looks silly in Bartik in the process. Found myself wishing once again for #1851128: Leave the details of just-enabled modules expanded in modules UI, because the help / perms / configure links are totally undiscoverable without it. :(
Anyway. :P Nothing to do with this patch. :P
I go to the language page and add French (unrelated side note: why does this not auto-download French translations like the installer patch does?). I also go to the People page and add a user named Françoise in the "French Translator" role (which I also create) and a user called peon with no special role.
Onto the permissions page.
I check the following under Content Translation:
- Administrer translation settings: Administrator
- Create translations: Administrator, French Translator
- Edit translations: Administrator, French Translator
- Delete translations: Administrator
And also give French Translator the ability to create and edit Articles.
Go to Content language settings. I allow translations of Articles' Body and Tags fields. (Side note: I checked Taxonomy but there was nothing in the table. I'm guessing that's not the fault of this patch, though...)
I reload the permissions page, but there doesn't seem to be any new functionality. Oh, but I LIE. On further inspection, there's a very subtle new permission under Article for "Translate any content."
PROBLEM: Don't think I would've found that permission there, I not been somewhat expecting it. :\ I only discovered it because of the stupid bug at #1153072: New content types (and other dynamic) permissions are not auto-selected for admin role—always give it all perms. There's probably been discussion about this up above, so I'll look later.
Add an article as admin with a title, body, tags, and an image. Log out, log back in as Françoise. See the translations tab, and I click it, and click "Add" next to the French translation.
Neat! Only see the Tags and Body field, and then a workflow box for marking a translation as out-dated. Translate those fields, leave the checkbox alone. Save. The fields show as translated on page load. Yay.
PROBLEM?: The big disadvantage to this approach is that I lose the context of the other fields, which might be handy for translation. For example, if this was a product, chances are seeing the product image might be useful when describing its attributes in French. However, I don't want to make the image itself translatable. Is this behaviour configurable in any way that I missed?
Now this starts to give me all sorts of evil ideas, such as: how does this "lite" form react when I do things like make the content type require revisions? Let's see!
Log out as Françoise, log back in as admin. (Side note: The french context stuck. Not sure that was intended. I manually hacked the URL and got back to the English version.)
First, I go to the article content type and turn on revisions. Save. Then I go back to the node and edit it from "I like cats" to "I like dogs", which is of course a huge difference, and thus requires me to check my "Flag other translations as outdated" checkbox.
PROBLEM?: That fieldset's real easy to miss if you're an admin, cos it's crammed in with other stuff. Though I suppose so is the revision information one...
PROBLEM?: There's no summary on the vertical tab, which makes it look weird compared to the others. Is this intentional?
I save and get some weird flash of content(?) and then see my node. Go to translations tab, and see "Outdated" next to French. Nice!
Log back in as Françoise. She sees the translation is outdated, and goes to edit it.
PROBLEM?: How, apart from obsessive tab clicking and very keen observation skills, does Françoise know any of her translations are out of date? Is there a block/view of out-dated translations that the site owner could put somewhere?
PROBLEM: On the edit form, my body field still says "J'aime les chats." How am I supposed to know what the English text is and more importantly how it changed? Keep two tabs open and read very carefully? Heck, she doesn't even know who marked it out-dated to contact them about it and ask what they changed, and there's no log message associated with it either to provide a hint.
PROBLEM: The revision checkbox/log is not on this form.
Going through the motions, I change "chats" to "chiens" and uncheck the translation box.
PROBLEM? It seems pretty weird to have to do the negative of something. It feels more natural to have a positive checkbox like "This translation is now up to date."
Click the Translations tab again, and no more outdated stuff.
====
Overall, this still feels very similar to the UX (with most of the same problems) that I reviewed back in October or whenever that was for the original Entity Translation UI. So I'm not sure exactly what part of that this patch is changing/improving. I need to go read the patch/issue now, but in the meantime maybe we have things to discuss...
Comment #92
webchickOh, one thing I can see right off is I was supposed to test translating with just admin too, for the "simple" workflow.
PROBLEM One thing I notice right off is I see that silly language selector on node/1/edit that has only "English" in it.
PROBLEM When clicking "edit" on the French translation as user 1, I get:
A hunch is that it's related to the URL being /fr/node/1/edit instead of node/1/edit? Not sure.
When submitting the translation, I also got more notices (they disappeared too fast for me to see them, but watchdog says they are the same error.
So we need some test coverage for that, or else I have a PEBCAK error.
Also, I guess this answers one of my questions above, which is if the extra context is important, then give the translators... uh... which permission? "administer translations" access? That doesn't seem right. "Administer content"? That's not ideal because that'll show them ALL of the fields on the form that the universe ever invented, including confounding vertical tabs for crazy-advanced contrib modules, and these people are typically not that kind of admin.
PROBLEM: I'm not sure which permission triggers "simple" vs. "complex" workflow. I can dig through the module to figure this out, but I ought to be able to figure this out from the permissions list without digging through the code.
Comment #93
webchickThat's probably enough to be "needs work" at this point.
Comment #94
plachYes, please, have a look to the issue
summary now. If I understood your review correctly, some of the (valid) problems you pointed out are unrelated to this patch. Some of them should already have an issue, btw. I'll review your review more carefully ASAP :)
Comment #95
Gábor Hojtsy@webchick: this patch adds permissions to allow people to slice and dice what do they allow for translators to do. 95% of the problems you identified exist with or without this patch.
RELATED:
1. You did not find the permissions: Well, the permissions list just grows which each module, especially cross-functional modules like this make permissions appear at all kinds of places. Is is better to list the permissions under the content translation module instead of right alongside editing permissions at other entities?
11. Permissions triggering complex/simple workflow: well, you see all the permissions. The combinations of them allow for covering simple and complex translation scenarios :)
UNRELATED:
2. Losing context of other fields like product image: not made worse or better in this patch, it is how per-field translation works now.
3. Outdated flag easy to miss: also predates this patch pretty much. The node form reorganization deals with surfacing such things much better.
4. No issue summary on vertical tab: bug, not introduced or changed by this patch.
5. Block/view of outdated translations: Again, the outdated flag predates this patch and is even in the D7 node-copy translation module. D7 does not have an outdated translation view either. Contrib modules deal with this. This is something we could do when the admin node listing is redone in views.
6. How does the translator know what is changed: Again, this is the same D7 experience with *both* node copy translation and field translation. I agree it sucks, but again it has nothing to do with this patch. It could definitely use improvement, not in this patch.
7. Revisions checkbox/log not on this form: is the revision log translatable? :)
8. Negative flag: predates this patch again, also the same in D7 node-copy translation in core (also in D6).
9. Silly language selector: well, it's the node's language. Not affected by this patch.
10. node_help() errors: bug predates this patch (and even entity translation altogether, it is bug with how routing was introduced in core): #1831846: Help block is broken with language path prefixes
Comment #96
plachcrosspost
Comment #97
webchickStarting to read the comments, only at the beginning, but I agree with that "Mark outdated" thing being possibly removed from core and moved to contrib, since there are a some issues with it atm. We should have a follow-up to discuss it.
However, skipping to the bottom again...
In general I like the permission structure of having global CUD permissions around translating, and then having distinct "yes you can translate things on this entity" permissions. It's a good way to simplify what might otherwise be a confusing and convoluted form. :) I still would put the "translate BLAH ENTITY" permissions along with the rest of the Content Translation permissions though, since those two are tightly linked and pretty much useless without each other.
I'm really not a fan though of this dark magical "If you have edit translations you get a simplified form BUT if you have edit content type perms you get the whole thing" behaviour. That definitely was not a choice I knew I could make that way, and I would've left Drupal with the impression it couldn't do what I was seeking in the simplified way.
It seems like configuring the translation workflow you want should be a separate concern from CRUD permissions around translations and entities. How I would personally approach this is just another setting in the "Configuration" table column at admin/config/regional/content-language that's something like (pretend these are radios :D):
Translation form workflow
( o ) Entire form is shown, with non-translatable fields indicated with "(All languages)" (default)
( ) Minimized translation form that shows only those fields which can be translated
YesCT mentioned that plach was opposed to this idea because it meant having to introduce translation CRUD on a per-entity basis, and I'm not sure I understand that concern. Going back to reading the issue again.
Comment #98
webchickDone with the issue. I agree with #56 that CRUD translation permissions per entity and/or a separate place to configure permissions for translations from the main permissions page would make me want to shoot myself in the face, but sounds like a nice contrib module. ;)
So I guess the main reason not to do #97 is because if the user doesn't have edit permissions to the node, what do you do about non-translatbale fields that are being shown to them? My initial impression would be #disabled = TRUE, but I'm sure there's a hole there...
Can you point me to where I'm sure this discussion probably already happened?
Comment #99
YesCT CreditAttribution: YesCT commented#95 1
Sounds a lot like: tags for modules page: #1868444: Introduce tags[] in module.info.yml file to categorize modules by provided functionality.
Comment #100
YesCT CreditAttribution: YesCT commented#91 @webchick
And #95 5 @Gábor Hojtsy
yep. this is kind of in #1279624: Add translation filter to content listing admin page
Maybe (in contrib) in the languages quick summary column, langcodes that are outdated could be red with an asterisk, and there could be a filter for outdated.
Comment #101
Gábor HojtsyI'm not sure this was written down somewhere, but it was certainly discussed at various in-person meetings at least. Usually the entity form does not work so it displays things you cannot edit if you don't have permission. Such as if you have permissions to submit forum posts, you see the title and body and forum category, but not the revisions fieldset or path alias, unless you have administer nodes. The same concept is applied to translation forms. It is indeed arguable that the fields not shown might have a much bigger effect on the translation experience vs. the content creation/editing experience.
The general technical hurdle AFAIK is that you cannot just #disable => TRUE a widget. How does a disabled calendar date picker or unlimited file upload widget (which has previews, drag and drop and label editing as well a new file upload portion) look? I don't think the general problem of displaying an arbitrary disabled field widget is solved yet. This concept can be introduced in the widget API, that would again need a sizable side track and is not really in the scope of this issue.
A disabled widget could also resort to rendering the frontend version of its output. That is tricky. Eg. revisions information have no frontend display mode, and the file list looks dramatically different on the frontend (even depending on whether you wanted files to display on the front end or not), so not sure that is pluggable into an editing/translation form as-is either.
Comment #102
plachWell, IMO the beauty of this solution is exactly in its responsiveness: you don't need to go and fiddle with yet another obscure configuration which you might not even know the existence of. I'm pretty sure that if we provided such a form someone would come up with it being unintuitive and obscure and "I don't know what an editorial workflow is" complaints would arise all the time, since apparently it's not a commonly understood terminology.
Well that would work, but there is nothing like an absolute "simple workflow" or "editorial workflow", they are just two names to indicate two extremes of a range of workflows that vary based on the permission set you apply. And this is exactly how entity forms have always worked in Drupal, showing only what you are allowed to see.
And btw, this has never been exactly the esasiest stuff to set up in Drupal. For instance you didn't see the revision log with the French translator because you didn't provide the related permission, not because of this patch ;)
To be honest I just think most the advanced stuff you can do with permissions (in all areas) cannot simply be groked without some experience.
Well, per-entity permissions are provided by the single entity-defining modules. To move them under the "Content translation" section we'd need to define some entity info keys ET could exploit to generate permission for each translatable entity. Then we would be back to a situation where you would have a mix of CUD permissions of different granularity under the same section (per-bundle node permissions, per-entity comment permissions and so on).
Actually per-bundle ;)
Everything we discussed on this topic that is not in this issue is in an IRC log and in #1829630: Improve workflow permissions (match D8 solution).
Comment #102.0
plachUpdated issue summary remaining tasks and added up to date screenshot.
Comment #103
plachSorry, I misunderstood: I thought we were talking about
#access = FALSE
. #101 is the proper answer to this.Comment #104
plachI added a couple of pointers to additional background information in the issue summary, not sure we discussed exactly #97 but most of the relevant stuff should be in there.
Comment #104.0
plachAdded background information
Comment #104.1
plachUpdated issue summary.
Comment #105
plachNo work to be done yet.
Comment #106
YesCT CreditAttribution: YesCT commented#91 @webchick
not related to this patch but:
#1804688: Download and import interface translations does automatically import the translations for french... or it will once there is a release for 8.x
it doesn't like the install patch #1848490: Import translations automatically during installation because that is a special case. It gets the .po files even without a release because (via Gabor in irc) of install_get_localization_release
Comment #107
plachComment #108
YesCT CreditAttribution: YesCT commentedthe middle of #91 about adding permissions, config language (enabling translation of article), creating role/ user is all looking good. Note the role might be better named "translator" and not "french translator". I believe adding permissions per language would be a contrib thing.
then:
And @Gábor Hojtsy in #95 under unrelated:
I think we had follow-ups as the result of the et-ui issue... nope. When I check my translator can see the (all languages) fields (and edit them, since they can edit articles)
also other "unrelated" bits in those comments... probably already have an issue: #1832836: Discuss how to view original translation from translation form
That might address wanting the context of "all languages" fields shown (but not editable, if the bundle edit permission is not given)
And #92 @webchick
And #98 @webchick
I get the feeling that @webchick is very interested in [##1832836: Discuss how to view original translation from translation form :)
---
the having to manually take out the fr langcode is not related to this issue. But in the usability testing, everyone missed the dsm to enable the language switcher block. we should probably open an issue to just enable it instead of show the message telling people to enable it. (I think that's ok because there are the context links to edit it, so they can easy discover how to disable it that way.)
---
#92 @webchick
I'm not sure how you got to that state. But I could not reproduce it (and if it's an issue, it would be a separate issue)
Comment #109
YesCT CreditAttribution: YesCT commentedregarding #97 @webchick
That sounds like a config setting for... #1832836: Discuss how to view original translation from translation form
===
Looks like the only other action here, is to move the bundle translation permissions under the general translation permissions section and per @plach in #102
That is at least it's own follow-up issue. *this is the only action item I think we have*
needs work was just cross posting.
I think this is rtbc once that follow-up is made.
Comment #110
YesCT CreditAttribution: YesCT commentedI think it might help to clarify, that many of the comments were problems with translation workflow in general.
This issue is just adding permissions to help *support* the workflow. Not implement it yet.
Comment #111
YesCT CreditAttribution: YesCT commentedhere we go. #1885146: Relocate bundle specific translation permissions
Comment #112
plachSorry, but I don't agree with that follow-up: I'd like at least that the concern I raised about mixing permissions with different granularities was answered.
Comment #113
YesCT CreditAttribution: YesCT commentedDid you read the follow-up? I thought we could hash that out there... one of the proposed solutions was won't fix. but I'm ok with the conversation happening in either place.
Comment #114
plachIf that's a strong pain point I'd prefer to address it here, every new issue is a new patch with its overhead. I see no blocker to address it here if we have to. That said I'd prefer to leve this as they are now.
Comment #115
YesCT CreditAttribution: YesCT commentedOk closed the other issue as a duplicate.
Next steps might be to get @webchick and @Bojhan to respond to
@webchick suggestion to move the bundle translation permissions under the general translation permissions section
and per @plach in #102
Comment #116
Bojhan CreditAttribution: Bojhan commentedThat probally would make sense, however its hard to visualize for me, could you show it?
Comment #117
plachHere is a reroll and a screenshot of how the Content Translation section could look like (I'm still not convinced about it).
Comment #118
Gábor Hojtsy@webchick, @Bojhan: what do you think?
Comment #119
webchickSo #117 is exactly what I had in mind, and looks great. Bojhan also said he liked it in IRC.
However, we had a loonnnnnngggg discussion in IRC today about this. There are a couple of challenges:
1) That granular list is not just per-content type, but per-entity and *sometimes* per-bundle. For example, "contact message" is per-entity, but "Article" is per-bundle, but "comments" is per-entity even though you could also reasonably do per-bundle, since there's a bundle per content type. And all of those are good UX decisions, to keep the list from being overwhelming/non-sensical. So we would need some kind of way of programmatically determining how granular the permissions should be (entity or bundle), if we don't make each module in charge of defining its own permissions in a way that makes sense for that module. That might be tricky.
2) Similarly, the actual names of those permissions are going to be difficult to programmatically define. We don't track plural names of entities, for one.
However, overall I think this is a better approach since it scales better to contrib (in the current patch, all entity module authors need to include a module_exists('entity_translation') check in their hook_permission() which is a bit ick). It also resonates with the feedback from http://groups.drupal.org/node/271918 of people being generally ecstatic of only having to go one place to configure their multilingual features.
plach was going to look into this and see how hard it was to do. I would say that centralizing the permissions is #1, making the names all nicely formatted could be a follow-up, as far as I'm concerned, as long as the initial pass isn't completely un-shippable.
Comment #120
webchickAnd regarding the workflow changes based on permission, plach actually brought me around on that. He noted that it's very similar to the way node form permissions work right now. For example, if you have Menu module enabled, and your user has permissions to edit menus, you'll see a vertical tab with menu settings below the main form. But if you don't have edit menu permissions, you won't. So really, this is doing the same thing. Admins will see the whole form, translators without edit perms will only see the parts of the form they need be concerned with.
I would love if we could add a sentence to hook_help() about this behaviour, but otherwise I think I'm good on that concern.
Let's rock! :)
Comment #121
webchickTalking about it more, we're not sure if that behaviour will be as much of a WTF as it was for me or not, so we're going to defer the help text writing to a follow-up during CMH, and let one of the newer contributors both test the behaviour as a "real" user and then also write help text that could've helped them figure it out, if they find it confusing. :)
Comment #122
tstoecklerI don't actually think that's a particularly good decision. For any real Drupal site (i.e. with a bunch of modules) the permissions page is crazy-long anyway. And I don't consider the screenshot in #117 to be super user-friendly either. Our permissions page just doesn't scale anymore and hasn't for quite some time. That is a separate issue, though, albeit one we should definitely fix. Therefore I don't understand the reasoning for removing another 5-10 permissions from that list (the comment *bundle* translation permissions) because that supposedly makes the list that much more user-friendly. It is a marginal improvement at best, it introduces inconsistencies between entity types and it hides a feature that we already support.
Comment #123
BerdirThe main reason for having a single permission for comments is *not* to keep the number of permissions down. It is to stay consistent within comment permissions. There is only a single edit comments permission, so why should there be a 26 different translate permissions?
Comment #124
tstoecklerAhh, I didn't realize that. Thanks for clearing that up. I take #122 back :-)
Comment #125
Gábor HojtsyIn other words, the translation permission granularity is unified with the permission granularity of the entity module so it looks odd to be different when listed under the entity translation module but it looks naturally fitting when shown among the other permissions for the entity. One more reason to list the permissions with the other entity permissions? :)
Comment #126
plachI really think we should test both ways, but we can't. The only indication from users we have right now is that they like things grouped together (the content language settings page). This approach will let us do things in cleaner way in code, this is why I agreed with @webchick to try this route. I think we can still revert back to permissions split per-entity/bundle if the current approach performs badly on user tests.
Comment #127
Gábor Hojtsy@plach: good plan!
Comment #128
webchickRather off-topic, but in response to #122, another reason not to do per-content type comment permissions is because "Comment" comes alphabetically before "Content type" (or "Node") so people see it first, and then get confused thinking they're setting content type permissions. That happened to someone in the usability testing at http://groups.drupal.org/node/271918.
Comment #129
plachHere is a plain reroll. Setting to needs review to have a testbot pass, I'm working on the discussed changes right now.
Comment #131
plachHere is a patch implementing #117 and fixing failing tests.
Comment #133
plachSilly me :(
Comment #134
BerdirThis looks great from the code perspective. We will see works out in terms of UX but we need to get it in to test that.
I am still unhappy about all that stuff being in the entity info definition because of two things:
a) Parsing annotations is slow and having it in there means it needs to be parsed and cached even for sites that do not use entity translation.
b) translation_entity.module is cheating because, despite being an optional module, it is in core and can alter the core EntityManager + documentation of that for it's own optional stuff.
There is an issue to put bundle and view mode information into separate hooks. I would suggest to do the same with the entity translation information.
Of course, in a follow-up issue but I wanted to write it down :)
I guess it's unlikely that there is no bundle label, but I'd suggest to fall back to the machine name in that case instead of an empty string. Otherwise we end up with identical labels..
Also, wondering if there should be a way to disable the automatic permission definition, maybe because an entity type wants to do something completely different. Not sure if that should be a separate flag or if we should use a string or constant to separate between none/entity/bundle..
Comment #135
plachWe could also provide those info through
hook_entity_info()
implementations, since many of them are not ET specific in the end. No strong preference here.I wholeheartedly agree: in the first iterations of the initial ET patch the documentation for the ET specifc keys was in a
translation_entity.api.php
file, but apparently this was not the right way to do it. However I'm also disturbed by this situation, as it clearly breaks the dependency chain by referring to ET in a place where there should be no knowledge about it.I picked the second option as this was my initial approach yesterday, before going for a simpler one. Anyway the idea is this entity info could be resued by any module needing to implement entity permissions in a generic fashion, but now we have a global killswitch which means that every module relying on it won't provide permissions if the
permission_granularity
key is empty.Comment #136
plach@Berdir:
Any other concern?
Comment #137
YesCT CreditAttribution: YesCT commented#135: et-workflows-1807776-135.patch queued for re-testing.
Comment #139
YesCT CreditAttribution: YesCT commentedhere was the conflict... seems just new stuff. So I kept all that.
I dont know why there was a conflict...
Comment #141
plachRerolled + screenshot :)
Comment #142
plachComment #143
BerdirThis change proves that the first part of this test is in fact relying on the user 1 and not the one that was created because the created user would not have access to create. The drupalLogin() isn't doing anything. Not a problem of this patch, just confirms my confusion in the entity DUBT issue.
Can't you call $entity->access($op) here? That's how this is used usually, this is too ugly :)
Should be Contains \Drupal\...
Otherwise this looks good to me. Can someone do a quick re-roll for the last two points and then I can RTBC this so that webchick can have a look at the UI/permissions.
Comment #144
plachHere it is!
Comment #145
BerdirThat's so much nicer :)
The requested permission changes were made, back to RTBC.
Comment #146
plachThanks!
Updated screenshot is in #141
Comment #147
tstoecklerIn EntityInterface:
I might be completely on the wrong track, but wasn't the intent of passing $langcode the ability to allow/restrict permissions per-language? I.e. I want to give user "tstoeckler" permission to translate to German and user "plach" to translate into Italian, but I definitely don't want to give "tstoeckler" permission to translate into Italian. :-)
I totally don't think we should solve that in core, but if we leave it in the interface, we will be passing the langcode around everywhere and therefore allow contrib to solve that.
Thoughts?
Comment #148
plach@tstoeckler:
You are making a very valid point: I've been thinking about this for a while and actually tried to add the new
$langcode
parameter and see whether it made sense given the current status. The result was honestly confusing and unhelpful. The main reason is that atm we have pretty inconsisent access control wrt language: the entity access controller has a langcode parameter in all its access methods, but theAccessibleInterface
provided by the Typed Data API, which is implemented by all entities, has no langcode parameter. For this reason in the translation overview code we would end-up with$entity->access($op)
calls next to$controller->getTranslationAccess($entity, $op, $langcode)
calls, which would be very inconsistent. Moreover the langcode parameter would be ignored in the current implementation, which would add even more confusion to this mess.Another thing we need to take into account is that our current translation access control is hardcoded into the translation controller and, as such, cannot actually be replaced by a language-aware access control system.
All of this considered, I decided to punt on this part and just add a todo, since I think we need a far more solid API to rely on to support the (totally valid) use case mentioned in #148. Specifically I think we need an entity translation access controller, providing the canonical access checks the current entity access controller provides, which in turn means being able to treat entity translations as standalone entities (see #1810370: Entity Translation API improvements). In this scenario we would be able to do something like the following:
The langcode parameter could be dealt with or ignored in core, but this way the access controller could be replaced by a language-aware version.
To solve the inconsistency between the access controller and the language-unaware
Entity::access()
method we could easily add a langcode parameter toAccessibleInterface
, but I think this is indicating us we may need a cleaner solution. I've been thinking about this for some month now and I think that if theEntityTranslation
class implemented theEntityInterface
and was refactored to be just a simple wrapper around the parent entity object, we could rely on itslanguage()
method to get the language whenever we want instead of passing it around all the time, we would be actually injecting it. In this scenario, the access checks for the edit and translate operations would be:By the way, in this scenario the
$translation
object could be passed around and used as the wrapped entity. IMO this would greatly simplify the Entity API DX, because we would be introducing the concept of "active language" without introducing a state in the entity object.Comment #149
plachUnintentional status change :)
Comment #150
YesCT CreditAttribution: YesCT commentedAh, I see. The recent change was just adding a todo.
I tried this manually too and it works as desired.
Comment #151
tstoecklerWow, thanks for the detailed explanation. It all makes complete sense and I have nothing to add. RTBC++
Comment #152
plachRerolled after #1822458: Move dynamic parts (view modes, bundles) out of entity_info().
Comment #153
plachehm
Comment #155
plachBetter reroll.
Comment #156
plachComment #157
YesCT CreditAttribution: YesCT commented#155: et-workflows-1807776-155.patch queued for re-testing.
Comment #159
plachRerolled
Comment #160
plachRerolled the patch to adjust the new views integration tests per #1896268-23: Add Views integration for translation_entity.
I'm also recategorizing this as task, since it's mostly refactoring an already existing functionality more than introducing a new one: the only additions are three new permissions in the pemissions section + bundle permission granularity.
Since this requires a big refactoring of the ET tests, which will make writing new ones easier and cleaner (see the attached interdiff), I'm requesting @webchick to evaulate the possibility to consider this as a UX improvement and thus commit it despite us being over thresholds. In fact rerolling this will become more and more painful the more tests we add to ET.
I don't think this is an unfair request, since in this case the limit between feature and task is very blurred and I think this could go in even after feature completion.
Comment #161
plachQED :(
Comment #162
tim.plunkettI can vouch for the last two interdiffs (and it was RTBC before).
Comment #164
plach#161: et-workflows-1807776-161.patch queued for re-testing.
Comment #165
Gábor HojtsyComment #166
plachTo reduce the impact of this patch I've restored the 'translate any entity permission' which there is no reason to remove now that all permissions are handled by ET.
Comment #167
Gábor Hojtsy@plach: let's settle and let this land ok? :) (changes look minimal and good).
Comment #168
plachSure, I'll just provide rerolls as needed :)
Comment #169
webchickSneaky category change. ;) I guess I can maybe get behind that.
I ran into #1902758: Translation settings are available also for entity types not supporting translation while testing this issue, but it doesn't seem related. Here's what the permissions screen looks like with all options that you can enable, enabled:
Definitely not ideal, but also definitely legible, so I think it'll work for now. We should prioritize getting some kind of thing into entity API so that entities can declare plural versions of their names; that would help a lot with the broken English here.
I'm not totally sure why article and page are not capitalized though; seems like that should be possible... they're declared that way to begin with.
One place you do run into some weirdness is that while "Translate comment" is just one permission, the configuration form actually lets you break down translation access per-content type. However, presumably those options just wouldn't appear on a non-translatable comment form and so this permission would be a non-issue.
Code-wise it looks like this addresses the stuff I was talking about. No more module_exists('translation_entity'), now just an extra 'permission_granularity' param to the equivalent of hook_entity_info().
It'd be ideal if something other than translation_entity used that string; for example, it replaced hook_perm() in node.module, user.module, etc. Maybe a follow-up for that.
That change doesn't look like it has anything to do with this patch? It's used in places like:
But you could just as easily just compare $this->translator->name == 'translator', could you not? If we choose to keep that parameter, it needs a datatype on the @param string.
I've Committed and pushed this to 8.x so that we can unblock other issues, but I'd love a quick follow-up to fix the capitalization on Article/Page and to remove that $name parameter on drupalCreateUser(), or else make a stronger case for adding it (and then fix the param docs).
Comment #170
webchickComment #171
plachAwesome, thanks!
Fixed capitalization that was lost while rerolling this after the new bundle stuff went in.
For what concerns the
drupalCreateUser()
change, here is the relevant place where it is used:I think this is a legitimate use case since otherwise we'd need to update the user entity and resave it to have readable label in the assertion message. The attached patch adds the data type.
Comment #172
plachHere are two change notices, one for the new ET permissions and one for the new entity key.
http://drupal.org/node/1903128
http://drupal.org/node/1903124
Not sure about this: to be able to exploit it we should have a module should defining CUD permissions for all the defined entities. And the permissions would belong to its section in the permission page. This sounds as really big UX change, not mentioning the fact that we are still lacking a way to provide more meaningful permission labels.
Comment #173
Gábor HojtsyChange notices look good. The updates look good and minor :) Not critical anymore.
Comment #174
plachI linked this issue and the CRs in #1903138: Move global comment permissions to comment-type level, which may be a sensible place where exploiting the new key.
Comment #175
webchickCommitted to 8.x, thanks! Will push in about a half hour.
Restoring previous properties.
Comment #176
Gábor HojtsySuperb, thanks all!
Comment #177.0
(not verified) CreditAttribution: commentedUpdated issue summary.
Comment #178
plach