As a security team member, it's very difficult since the D7 upgrade to find/track security advisories that are in progress but not yet published.

Please add another tab to the /security page

This tab should have a view only accessible to admins and/or security team role that shows all unpublished SAs and PSAs (i.e. the content of the other tabs when they are published).

CommentFileSizeAuthor
#3 2390955-3.patch4.45 KBpwolanin
#1 2390955-1.patch3.63 KBpwolanin

Comments

pwolanin’s picture

pwolanin commented
Issue summary: View changes
Status: Active » Needs work
StatusFileSize
new 2390955-1.patch3.63 KB

Here's a start, but still needs testing and the role-based access added.

Not sure where the tabs come from either?

drumm’s picture

drumm
he/him
Location NY, US
commented

The tabs are in drupalorg_crosssite; and we don't have a clean way to permission them, so far every tab has been available to everyone. The menu system, I think a local task, will be nicer; the menu system will be better at handling permissions.

Moving the whole set of Views to a Feature would not be a bad thing.

pwolanin’s picture

pwolanin commented
Status: Needs work » Needs review
StatusFileSize
new 2390955-3.patch4.45 KB

Ok, well not sure about featurizing. Here's a version with the tab and role-based access.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

+1 for this idea. Thanks for working on it pwolanin!

drumm’s picture

drumm
he/him
Location NY, US
commented
Issue tags: +needs drupal.org deployment

  • drumm committed 9a62e59 on 7.x-3.x authored by pwolanin 
    Issue #2390955 by pwolanin: Add admin-accessible tab for unpublished SA'...
drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Needs review » Fixed
drumm’s picture

drumm
he/him
Location NY, US
commented
Issue tags: -needs drupal.org deployment

Now deployed: https://www.drupal.org/security/unpublished

pwolanin’s picture

pwolanin commented

Thanks - though I don't see the tab?

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

Yeah, the tab is not visible, but the url seems to work.

yesct’s picture

yesct commented
Status: Fixed » Needs work

needs work for the tab, unless @drumm wants a separate issue for that.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

It's also "needs work" because it doesn't contain any content.

pwolanin’s picture

pwolanin commented

Apparently the terms to exist in the table when the content is unpublished

drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Needs work » Postponed
Related issues: +#2461167: Create Security announcement content type

Views joins on the taxonomy_index table to know which nodes have the security announcement terms. This table is only maintained for published nodes, so it won’t show anything.

#2461167: Create Security announcement content type would move this from a term to a content type, making the View possible without any trickery.

drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Postponed » Fixed
Related issues: +#3475098: Add a View of unpublished security advisories for security team members

https://www.drupal.org/project/drupalorg/issues/3475098 actually did this. Marking flxed for crediting the work done here.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.