Possible to configure in such a way that the node form has no "Save" button [#2738869]

Problem/Motivation

Under certain configurations, a user can arrive at a node form and only find a Preview button, or if preview is disabled, no button at all.

Steps to reproduce

Enable moderation on the Article content type
Grant authenticated users the permission to create article content
Log in as a normal authenticated user
Try to add an article

Proposed resolution

Potential resolutions:

Deny access to the add page if the user doesn't have access to the default moderation state
Allow access to the add page, use a simple Save button, and then default the content to its default moderation state

Remaining tasks

Discuss potential resolution options, and implement.

User interface changes

Yes.

API changes

Data model changes

Comment	File	Size	Author
#40	workbench_moderation-2738869-35.patch	6.14 KB	Namzhilma Zhambalova
#40	8.x-1.x: PHP 7 & MySQL 5.5, D8.6 Simpletest fatal error
#34	workbench_moderation_2738869_34.patch	11.26 KB	pericxc
#34	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.3 38 pass, 57 fail PHP 5.6 & MySQL 5.5, D8.3 38 pass, 57 fail PHP 7 & MySQL 5.5, D8.3 72 pass 8.x-2.x: PHP 7 & MySQL 5.5, D8.2 72 pass
#34	interdiff-workbench_moderation_2738869_09-34.txt	2.93 KB	pericxc
#31	workbench_moderation-2738869-09.patch	11.21 KB	pericxc
#31	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
#31	interdiff-workbench_moderation-2738869-08-09.txt	2.68 KB	pericxc
#27	workbench_moderation-2738869-08.patch	10.94 KB	pericxc
#27	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 71 pass, 2 fail PHP 5.6 & MySQL 5.5, D8.2 71 pass, 2 fail PHP 7 & MySQL 5.5, D8.2 71 pass, 2 fail
#27	interdiff-workbench_moderation-2738869-07-08.txt	2.3 KB	pericxc
#25	workbench_moderation-2738869-07.patch	10.58 KB	pericxc
#25	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
#25	interdiff-workbench_moderation-2738869-06-07.txt	2.76 KB	pericxc
#22	workbench_moderation-2738869-06.patch	11.48 KB	pericxc
#22	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
#22	interdiff-workbench_moderation-2738869-05-06.txt	1.52 KB	pericxc
#17	workbench_moderation-2738869-05.patch	11.25 KB	pericxc
#17	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass, 1 fail PHP 5.6 & MySQL 5.5, D8.2 72 pass, 1 fail PHP 7 & MySQL 5.5, D8.2 72 pass, 1 fail
#17	interdiff-workbench_moderation-2738869-04-05.txt	4.7 KB	pericxc
#11	workbench_moderation-2738869-04.patch	8.34 KB	pericxc
#11	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
#11	interdiff-workbench_moderation-2738869-03-04.txt	4.95 KB	pericxc
#8	workbench_moderation-2738869-03.patch	5.14 KB	pericxc
#8	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 68 pass PHP 5.6 & MySQL 5.5, D8.2 68 pass PHP 7 & MySQL 5.5, D8.2 68 pass
#8	interdiff-workbench_moderation-2738869-01-03.txt	5.78 KB	pericxc
#4	workbench_moderation-2738869-01.patch	1.54 KB	pericxc
#4	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 67 pass PHP 5.6 & MySQL 5.5, D8.2 67 pass PHP 7 & MySQL 5.5, D8.2 67 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

1 June 2016 at 16:47

jhedstrom created an issue. See original summary.

Comment #2

scookie CreditAttribution: scookie commented 3 June 2016 at 23:01

Note: This can also occur on the Edit draft page when the user doesn't have access to any state transition for which the "from" state matches the current state of the node and the "to" state is enabled for the content type of the node. User only sees a Cancel button (when that button is enabled).

Comment #3

scookie CreditAttribution: scookie commented 23 June 2016 at 23:25

Another scenario in which this can occur is if no state transition has been added involving the default state for the content type.

Comment #4

pericxc CreditAttribution: pericxc commented 27 June 2016 at 21:25

File	Size
workbench_moderation-2738869-01.patch	1.54 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 67 pass PHP 5.6 & MySQL 5.5, D8.2 67 pass PHP 7 & MySQL 5.5, D8.2 67 pass

This patch take fix this issue with #1 proposed resolution.

Comment #5

pericxc CreditAttribution: pericxc commented 27 June 2016 at 21:26

Status:

Active

» Needs review

Comment #6

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 27 June 2016 at 21:46

```
+++ b/workbench_moderation.module
@@ -235,3 +235,37 @@ function workbench_moderation_views_data_alter(array &$data) {
+function wdc_user_node_create_access(AccountInterface $account, array $context, $entity_bundle) {
```
This should be implemented on behalf of the workbench_moderation module.

It should be noted that by solving this via a node-specific hook, this solution will only be applicable to nodes. I haven't done further investigation to determine if there is a more general solution, but this should be fine for the time being.

+++ b/workbench_moderation.module
@@ -235,3 +235,37 @@ function workbench_moderation_views_data_alter(array &$data) {
+    $definitions = \Drupal::config('node.type.' . $entity_bundle)->get('third_party_settings');
+    $default_moderation_state = $definitions['workbench_moderation']['default_moderation_state'];

Rather than directly load the setting from config, I think it would be preferable here to load the config entity (in this case it would be a NodeTypeInterface) via the entity type manager, and then the getThirdPartySetting($module, $key, $default = NULL) method could be used.

Comment #7

kevin.dutra CreditAttribution: kevin.dutra at Workday, Inc. commented 28 June 2016 at 17:35

I agree with @jhedstrom on his first point. I think it would be better to take the more generic approach using hook_entity_create_access().

Also, as @scookie mentioned in #2, we would also need the equivalent version of hook_entity_access() to cover edit access too.

Comment #8

pericxc CreditAttribution: pericxc commented 29 June 2016 at 17:53

File	Size
interdiff-workbench_moderation-2738869-01-03.txt	5.78 KB
workbench_moderation-2738869-03.patch	5.14 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 68 pass PHP 5.6 & MySQL 5.5, D8.2 68 pass PHP 7 & MySQL 5.5, D8.2 68 pass

Comment #9

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 29 June 2016 at 19:10

+++ b/src/ModerationInformationInterface.php
@@ -208,4 +209,20 @@ interface ModerationInformationInterface {
+   * @param $entity_type_id
...
+   * @param $entity_bundle

Parameter type is missing here.

+++ b/src/ModerationInformationInterface.php
@@ -208,4 +209,20 @@ interface ModerationInformationInterface {
+  public function isModerationBundleCreateValid(AccountInterface $account, $entity_type_id, $entity_bundle);

Perhaps rename this method to hasValidTransitions()? It could then be used for the edit operation too (which still needs to be implemented).

+++ b/workbench_moderation.module
@@ -180,7 +180,7 @@ function workbench_moderation_node_access(NodeInterface $entity, $operation, Acc
+    return !empty($transition_validation->getValidTransitionTargets($entity, $account))

Is this change necessary?

+++ b/workbench_moderation.module
@@ -235,3 +235,16 @@ function workbench_moderation_views_data_alter(array &$data) {
+ * Implements hook_node_create_access().

This is still node-specific. Can the same be achieved more generally via the entity hook mentioned above?

These changes are complex enough that I think some tests would help ensure this situation doesn't happen again (those tests can also be used to demonstrate the current bug this is fixing).

Comment #10

pericxc CreditAttribution: pericxc commented 29 June 2016 at 22:33

@jhedstrom

#4 The reason I used hook_node_create_access() because hook_node_access() no longer fires for the 'create' operation: Issue.

#3 I think it is necessary in case an empty array for target states is returned. That is the fix for the bug scookie mentioned in #1.

The rest will be fixed.

Comment #11

pericxc CreditAttribution: pericxc commented 5 July 2016 at 23:19

File	Size
interdiff-workbench_moderation-2738869-03-04.txt	4.95 KB
workbench_moderation-2738869-04.patch	8.34 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass

Comment #12

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 6 July 2016 at 20:38

Status:

Needs review

» Reviewed & tested by the community

This is looking really good.

@pericxc pointed out that there isn't really a generic entity access hook, so for the time being, this will need to be mostly node-specific.

I'm going to mark this RTBC to get a few more eyes on for review.

Comment #13

kevin.dutra CreditAttribution: kevin.dutra at Workday, Inc. commented 6 July 2016 at 21:10

Status:

Reviewed & tested by the community

» Needs work

Putting back to "needs work" for a minute just to make sure I'm understanding things correctly about the generic entity access point. There are a couple generic entity access hooks available:

The current implementation uses the entity type specific variants of these hooks:

Wouldn't we want to use the more generic forms? Workbench Moderation is applicable to entity types beyond just nodes, right? Or am I missing something? :)

Comment #14

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 6 July 2016 at 21:30

@kevin.dutra you're totally right. When I spoke with @pericxc whatever search I was using to find docs on those seemed to not find them.

So given that, I think the node-specific access hooks should be refactored, and one additional test should be added that uses a non-node entity type (EntityTest probably).

Comment #15

pericxc CreditAttribution: pericxc commented 7 July 2016 at 15:54

@jhedstrom and @kevin.dutra,

The module is using hook_node_access for the 'view' and 'update' operation, so it seemed logical to use hook_node_create_access to for 'create' operation.

Comment #16

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 7 July 2016 at 16:33

The module is using hook_node_access for the 'view' and 'update' operation

Indeed it is. So perhaps this patch can continue to utilize node-specific access, but we could open a follow-up to generalize this logic where possible. Note the isPublished() method utilized in workbench_moderation_node_access(), while used on several core entity types, does not appear to be part of a more general interface.

Comment #17

pericxc CreditAttribution: pericxc commented 11 July 2016 at 22:59

File	Size
interdiff-workbench_moderation-2738869-04-05.txt	4.7 KB
workbench_moderation-2738869-05.patch	11.25 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass, 1 fail PHP 5.6 & MySQL 5.5, D8.2 72 pass, 1 fail PHP 7 & MySQL 5.5, D8.2 72 pass, 1 fail

Comment #18

pericxc CreditAttribution: pericxc commented 11 July 2016 at 23:00

Status:

Needs work

» Needs review

Comment #19

11 July 2016 at 23:02

Status:

Needs review

» Needs work

The last submitted patch, 17: workbench_moderation-2738869-05.patch, failed testing.

Comment #20

11 July 2016 at 23:02

The last submitted patch, 17: workbench_moderation-2738869-05.patch, failed testing.

Comment #21

11 July 2016 at 23:02

The last submitted patch, 17: workbench_moderation-2738869-05.patch, failed testing.

Comment #22

pericxc CreditAttribution: pericxc commented 11 July 2016 at 23:13

Status:

Needs work

» Needs review

File	Size
interdiff-workbench_moderation-2738869-05-06.txt	1.52 KB
workbench_moderation-2738869-06.patch	11.48 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass

Comment #23

pericxc CreditAttribution: pericxc commented 11 July 2016 at 23:20

I was wondering if the title should be changed since the issue got extended to cover issues with hooks!

Comment #24

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 12 July 2016 at 17:00

+++ b/src/Tests/ModerationStateTransitionsValidationTest.php
@@ -0,0 +1,155 @@
+
...
+

Nit: extra line breaks here.

+++ b/workbench_moderation.module
@@ -167,22 +167,25 @@ function workbench_moderation_entity_view(array &$build, EntityInterface $entity
+  $type = $entity->getEntityType();

This variable doesn't appear to be used.

+++ b/workbench_moderation.module
@@ -167,22 +167,25 @@ function workbench_moderation_entity_view(array &$build, EntityInterface $entity
+    } elseif ($operation == 'update' && $moderation_info->isModeratableEntity($entity) && $entity->moderation_information && $entity->moderation_information->target_id) {
+      /** @var \Drupal\workbench_moderation\StateTransitionValidation $transition_validation */
+      $transition_validation = \Drupal::service('workbench_moderation.state_transition_validation');
+
+      return !empty($transition_validation->getValidTransitionTargets($entity, $account))
+        ? AccessResult::neutral()
+        : AccessResult::forbidden();

Unless I'm missing something, this part isn't node specific at all, so could be moved to apply to all entities? If that is the case, the non-node test should test the update operation too.

Comment #25

pericxc CreditAttribution: pericxc commented 12 July 2016 at 17:48

File	Size
interdiff-workbench_moderation-2738869-06-07.txt	2.76 KB
workbench_moderation-2738869-07.patch	10.58 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass

Comment #26

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 12 July 2016 at 18:00

This is looking really close.

+++ b/workbench_moderation.module
@@ -168,24 +168,21 @@
+  elseif ($operation == 'update' && $moderation_info->isModeratableEntity($entity) && $entity->moderation_information && $entity->moderation_information->target_id) {

Can you update the non-node test to check for the 'update' operation and expected access?

Comment #27

pericxc CreditAttribution: pericxc commented 13 July 2016 at 21:36

File	Size
interdiff-workbench_moderation-2738869-07-08.txt	2.3 KB
workbench_moderation-2738869-08.patch	10.94 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 71 pass, 2 fail PHP 5.6 & MySQL 5.5, D8.2 71 pass, 2 fail PHP 7 & MySQL 5.5, D8.2 71 pass, 2 fail

Comment #28

13 July 2016 at 21:44

Status:

Needs review

» Needs work

The last submitted patch, 27: workbench_moderation-2738869-08.patch, failed testing.

Comment #29

13 July 2016 at 21:44

The last submitted patch, 27: workbench_moderation-2738869-08.patch, failed testing.

Comment #30

13 July 2016 at 21:46

The last submitted patch, 27: workbench_moderation-2738869-08.patch, failed testing.

Comment #31

pericxc CreditAttribution: pericxc commented 14 July 2016 at 00:14

Status:

Needs work

» Needs review

File	Size
interdiff-workbench_moderation-2738869-08-09.txt	2.68 KB
workbench_moderation-2738869-09.patch	11.21 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass

Comment #32

jhedstrom

English

Portland, OR

CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented 15 July 2016 at 20:07

Status:

Needs review

» Reviewed & tested by the community

14 files were hidden/shown/deleted

File	Size
workbench_moderation-2738869-01.patch	1.54 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 67 pass PHP 5.6 & MySQL 5.5, D8.2 67 pass PHP 7 & MySQL 5.5, D8.2 67 pass
interdiff-workbench_moderation-2738869-01-03.txt	5.78 KB
workbench_moderation-2738869-03.patch	5.14 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 68 pass PHP 5.6 & MySQL 5.5, D8.2 68 pass PHP 7 & MySQL 5.5, D8.2 68 pass
interdiff-workbench_moderation-2738869-03-04.txt	4.95 KB
workbench_moderation-2738869-04.patch	8.34 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
interdiff-workbench_moderation-2738869-04-05.txt	4.7 KB
workbench_moderation-2738869-05.patch	11.25 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass, 1 fail PHP 5.6 & MySQL 5.5, D8.2 72 pass, 1 fail PHP 7 & MySQL 5.5, D8.2 72 pass, 1 fail
interdiff-workbench_moderation-2738869-05-06.txt	1.52 KB
workbench_moderation-2738869-06.patch	11.48 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
interdiff-workbench_moderation-2738869-06-07.txt	2.76 KB
workbench_moderation-2738869-07.patch	10.58 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 72 pass PHP 5.6 & MySQL 5.5, D8.2 72 pass PHP 7 & MySQL 5.5, D8.2 72 pass
interdiff-workbench_moderation-2738869-07-08.txt	2.3 KB
workbench_moderation-2738869-08.patch	10.94 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.2 71 pass, 2 fail PHP 5.6 & MySQL 5.5, D8.2 71 pass, 2 fail PHP 7 & MySQL 5.5, D8.2 71 pass, 2 fail
interdiff-workbench_moderation-2738869-08-09.txt	2.68 KB

This looks good. I manually tested as well to confirm. I also like that it takes a further step toward non-node-specific entity moderation.

Comment #33

larowlan

🇦🇺🏝.au GMT+10

CreditAttribution: larowlan at PreviousNext commented 10 August 2016 at 01:39

Looking good, some minor adjustments

+++ b/src/ModerationInformation.php
@@ -212,5 +212,30 @@ class ModerationInformation implements ModerationInformationInterface {
+  $entity = $this->entityTypeManager->getDefinition($entity_type_id);
...
+    foreach (\Drupal::entityTypeManager()->getStorage('moderation_state_transition')->loadMultiple() as $transition) {

Please use the injected version instead of the global singleton

+++ b/workbench_moderation.module
@@ -235,3 +235,18 @@ function workbench_moderation_views_data_alter(array &$data) {
+    $modinfo = Drupal::service('workbench_moderation.moderation_information');
...
+    if (!$modinfo->hasValidTransitions($account, $context['entity_type_id'], $entity_bundle)) {

nit: can you use a better variable name than $modinfo - eg $moderation_info

Comment #34

pericxc CreditAttribution: pericxc commented 11 August 2016 at 17:16

File	Size
interdiff-workbench_moderation_2738869_09-34.txt	2.93 KB
workbench_moderation_2738869_34.patch	11.26 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.3 38 pass, 57 fail PHP 5.6 & MySQL 5.5, D8.3 38 pass, 57 fail PHP 7 & MySQL 5.5, D8.3 72 pass 8.x-2.x: PHP 7 & MySQL 5.5, D8.2 72 pass

File

Size

interdiff-workbench_moderation_2738869_09-34.txt

2.93 KB

workbench_moderation_2738869_34.patch

11.26 KB

8.x-2.x:
PHP 7 & MySQL 5.5, D8.2 72 pass

Comment #35

11 August 2016 at 17:21

Status:

Reviewed & tested by the community

» Needs work

The last submitted patch, 34: workbench_moderation_2738869_34.patch, failed testing.

Needs work

» Needs review

Comment #40

Namzhilma Zhambalova CreditAttribution: Namzhilma Zhambalova as a volunteer and at DrupalJedi commented 12 February 2018 at 03:23

File	Size
workbench_moderation-2738869-35.patch	6.14 KB
8.x-1.x: PHP 7 & MySQL 5.5, D8.6 Simpletest fatal error

Hello,

I had bug with https://www.drupal.org/files/issues/workbench_moderation_2738869_34.patch patch.

On site I have 2 CTs, Article has moderation, Page doesn't have.
User (not admin) has permission to create Page.
But when user goes to page node/add/page, he sees Access Denied page.

I changed https://www.drupal.org/files/issues/workbench_moderation_2738869_34.patch to fix the issue.