Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
See #1891690-18: Use EntityListController for vocabularies
"disable" always appears for config entities that do not support status.
Comment | File | Size | Author |
---|---|---|---|
#6 | status-1994910-6-fail.patch | 2.75 KB | twistor |
#6 | status-1994910-6.patch | 4.81 KB | twistor |
#1 | status-1994910-1.patch | 2.05 KB | tim.plunkett |
Comments
Comment #1
tim.plunkettNeeds a test.
Comment #2
BerdirJust noticed this on contact categories. Do we just want to use those and make sure they don't have a disable operation or do we need a test entity type for this?
Comment #3
twistor CreditAttribution: twistor commentedStabbing at some tests.
Comment #4
andypostjust needs test and review all configurables
Comment #5
twistor CreditAttribution: twistor commentedCross-post.
Comment #6
twistor CreditAttribution: twistor commentedI'm not sure if this is too much of a hack or not, but it illustrates the problem.
Off to review all configurables.
Comment #7
twistor CreditAttribution: twistor commentedThis patch fixes the bug for:
ShortcutListController doesn't call parent::getOperations(). Not sure if that's a bug.
BlockListController doesn't call getOperations() at all.
Comment #8
tim.plunkettI think fixing both BlockListController and ShortcutListController deserve separate issues. (And yes, they probably need to be fixed.)
Comment #9
twistor CreditAttribution: twistor commentedFollowups:
#1995046: BlockListController doesn't call parent::getOperations() and so "delete" is the default dropbutton operation
#1995048: EntityListController::getOperations() should respect access checks
Comment #10
twistor CreditAttribution: twistor commentedComment #11
BerdirAs pointed out in #1856556: Convert user contact form into a contact category/bundle, it seems to we should do entity access checks by default for the edit and delete operations. That will require us to add an access controller for all config entities that use this but we want that for other things anyway I guess, e.g route access checks.
Maybe there already is an issue for that?
Comment #12
tim.plunkettI retitled #1995048: EntityListController::getOperations() should respect access checks since it actually was doing what #11 described
Comment #13
alexpottCommitted 66e6eb8 and pushed to 8.x. Thanks!