See #1891690-18: Use EntityListController for vocabularies

"disable" always appears for config entities that do not support status.

CommentFileSizeAuthor
#6 status-1994910-6-fail.patch2.75 KBtwistor
#6 status-1994910-6.patch4.81 KBtwistor
#1 status-1994910-1.patch2.05 KBtim.plunkett
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
CreditAttribution: tim.plunkett commented
Status: Active » Needs review
FileSize
status-1994910-1.patch2.05 KB

Needs a test.

Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir commented

Just noticed this on contact categories. Do we just want to use those and make sure they don't have a disable operation or do we need a test entity type for this?

twistor’s picture

twistor CreditAttribution: twistor commented
Assigned: Unassigned » twistor

Stabbing at some tests.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Assigned: twistor » Unassigned

just needs test and review all configurables

twistor’s picture

twistor CreditAttribution: twistor commented
Assigned: Unassigned » twistor

Cross-post.

twistor’s picture

twistor CreditAttribution: twistor commented
FileSize
status-1994910-6.patch4.81 KB
status-1994910-6-fail.patch2.75 KB

I'm not sure if this is too much of a hack or not, but it illustrates the problem.

Off to review all configurables.

twistor’s picture

twistor CreditAttribution: twistor commented

This patch fixes the bug for:

  • CustomBlockTypeListController
  • CategoryListController
  • PictureMappingListController

ShortcutListController doesn't call parent::getOperations(). Not sure if that's a bug.
BlockListController doesn't call getOperations() at all.

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
CreditAttribution: tim.plunkett commented
Status: Needs review » Reviewed & tested by the community
Issue tags: -Needs tests

I think fixing both BlockListController and ShortcutListController deserve separate issues. (And yes, they probably need to be fixed.)

twistor’s picture

twistor CreditAttribution: twistor commented

Followups:
#1995046: BlockListController doesn't call parent::getOperations() and so "delete" is the default dropbutton operation
#1995048: EntityListController::getOperations() should respect access checks

twistor’s picture

twistor CreditAttribution: twistor commented
Assigned: twistor » Unassigned
Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir commented

As pointed out in #1856556: Convert user contact form into a contact category/bundle, it seems to we should do entity access checks by default for the edit and delete operations. That will require us to add an access controller for all config entities that use this but we want that for other things anyway I guess, e.g route access checks.

Maybe there already is an issue for that?

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
CreditAttribution: tim.plunkett commented

I retitled #1995048: EntityListController::getOperations() should respect access checks since it actually was doing what #11 described

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott commented
Status: Reviewed & tested by the community » Fixed

Committed 66e6eb8 and pushed to 8.x. Thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.