I've created a custom module presenting a tab on the group entity allowing users with the correct permissions to edit the menu tree relative to just their group (used menu field to put a menu on the group entity).

I created the following custom permissions in a file group_content_submenu.group.permissions.yml

access group menu edit:
  title: 'Edit group menu'
  description: 'Allow users to edit the group menu'

I then on the route for the group men editing placed the following code:

group_content_submenu.menu_form:
  path: '/group/{group}/menu'
  defaults:
    _form: '\Drupal\group_content_submenu\Form\GroupMenuForm'
    _title: 'Edit Group Menu'
  requirements:
    _permission: 'access content'
    _group_permission: 'access group menu edit'
    _group_member: 'TRUE'
  options:
    _admin_route: TRUE

With the group permission and group member removed, this all works fine. With either of those added by themselves, this doesn't work for anyone even superadmin or an administrator with "bypass group access controls" permission.

Is there some aspect I am missing about requirements in the routing file, or do we have a bug here with group and allowing custom group permissions to integrate easily?

Comments

jnicola created an issue. See original summary.

jnicola’s picture

jnicola CreditAttribution: jnicola at Oregon Health & Science University (OHSU) commented
Category: Bug report » Support request
Priority: Normal » Minor
Status: Active » Closed (works as designed)

Update, turns out I had something wrong here, you have to get all of the various parts just right in order for it to treat group as an entity.

In your routing:

group_content_submenu.menu_form:
  path: '/group/{group}/menu'

In your form class:

use Drupal\group\Entity\GroupInterface;
...
public function buildForm(array $form, FormStateInterface $form_state, GroupInterface $group = NULL) {

It's important to have that use in there, and the GroupInterface typehinting, and set it to NULL if nothing is passed (requirement to match interface) You also need to name the parameter for group exactly group, or it'll take the GID as a string, and not use it to load a group object... or so it seems.

theuni’s picture

theuni CreditAttribution: theuni commented

Great I was looking for something like this. Also my clients requested to have a few roles & permissions not only group-type related, but group related. Any idea how to approach this?