foreach ($user_groups as $delta => $group) { | ||
foreach ($this->getUserGroups() as $group) { | ||
// Check user has "create" permission on this entity. | ||
if ($og_access->userAccess($group, "create $entity_type_id $bundle", $user)->isAllowed()) { |
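
Review bot: the permission name passed to userAccess() on the last line is assembled by interpolating $entity_type_id and $bundle, so the check can only be allowed when a permission is registered under exactly the string "create $entity_type_id $bundle"; an entity type whose permissions follow another naming pattern will never pass this condition. Resolve the permission from the operation and the entity type instead of building its name here, or add a test per entity type that pins the expected string.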

@pfrenssen If I remember correctly `\Drupal\og\EventSubscriber\OgEventSubscriber::provideDefaultNodePermissions` overrides the permissions for nodes so they will be in the format of `create foo content`. However that will mean we'll have to think about it everywhere.
So maybe we should remove it, and also for node follow the `create [entity-type] [bundle]` pattern. What do you think?

This seems to be a critical issue atm. Can we revert to the format `create foo content` here and refactor to `create [entity-type] [bundle]` in a follow up issue?

From my perspective it seems fine, but need to get approval from @pfrenssen based on above comment - #181 (comment)

This is already solved for group content but apparently not for groups.

In order to avoid the problems that arise from using this kind of string based permissions we have provided a flexible permission system that tracks operations and group content entity types. The idea behind this is that in order to discover the right permission to use we should not be messing with constructing strings but discover `PermissionInterface` objects that map to entity types and operations.

You can check `GroupContentOperationPermission` to see how we solved this for group content. If you want to know whether a user has permission to access the "create" operation on a group content entity you can call `OgAccess::userAccessGroupContentEntityOperation()` and pass the 'create' operation for this content type.
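
The difference between the two approaches discussed in the comments above, as an added example that is not part of this thread or of the OG module's code. It is a toy model: `ToyPermission`, `$permissions`, `$granted`, both functions and the `my_entity`/`my_bundle` names are hypothetical, and only the two naming patterns come from the discussion.

```php
<?php
// Toy model, not the OG module's classes: a permission records the operation
// and the entity type/bundle it applies to, next to its machine name.
final class ToyPermission {
  public function __construct(
    public readonly string $name,
    public readonly string $entityType,
    public readonly string $bundle,
    public readonly string $operation,
  ) {}
}

// Constructed sample: the node permission uses the "create foo content"
// pattern, the other entity type uses "create [entity-type] [bundle]".
$permissions = [
  new ToyPermission('create group_content content', 'node', 'group_content', 'create'),
  new ToyPermission('create my_entity my_bundle', 'my_entity', 'my_bundle', 'create'),
];

// Permission names granted to the member's role in the group (constructed).
$granted = ['create group_content content', 'create my_entity my_bundle'];

// String-based check: the caller has to guess the naming pattern, and a wrong
// guess is indistinguishable from "not granted".
function allowedByName(array $granted, string $entityType, string $bundle): bool {
  return in_array("create $entityType $bundle", $granted, TRUE);
}

// Operation-based check: find the permission object registered for this
// operation and entity type/bundle, then test its name against the grants.
// Nothing registered means access is denied.
function allowedByOperation(array $permissions, array $granted, string $op, string $entityType, string $bundle): bool {
  foreach ($permissions as $p) {
    if ($p->operation === $op && $p->entityType === $entityType
      && $p->bundle === $bundle && in_array($p->name, $granted, TRUE)) {
      return TRUE;
    }
  }
  return FALSE;
}

// The member holds the node permission, but the built string is
// "create node group_content", which matches no grant.
var_dump(allowedByName($granted, 'node', 'group_content'));
var_dump(allowedByName($granted, 'my_entity', 'my_bundle'));
var_dump(allowedByOperation($permissions, $granted, 'create', 'node', 'group_content'));
var_dump(allowedByOperation($permissions, $granted, 'delete', 'node', 'group_content'));
```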

@pfrenssen, thanks for the update. I assume this would work:
if ($og_access->userAccess($group, "create $entity_type_id $bundle", $user)->isAllowed()) { | |
if ($this->ogAccess->userAccessGroupContentEntityOperation('create', $group, $entity, $this->currentUser)->isAllowed()) { |

@amitaibu I've started to mess with it and I want to verify the scenarios:

/** | ||
* Tests adding groups, and node access. | ||
*/ | ||
public function testFields() { |
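
Review bot: the docblock on testFields() reads "Tests adding groups, and node access." while the method name refers to fields, so a reader cannot tell from either which behaviour a failure points to. Rename the method after what it asserts, or state in the docblock which fields and which access cases the test covers.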

Comment and method name is wrong.

Oh, sorry it's not wrong - just needs a little better explanation.

Lastly, we also need to verify non-member can't access the node/add/group_content

NodeType::create(['type' => 'group'])->save(); | ||
NodeType::create(['type' => 'group_content'])->save(); | ||
|
||
// Setting up groups and group content relations. |

wrong comment

Note to self, the test should be more exhaustive and should cover:

src/Plugin/Validation/Constraint/ValidOgMembershipMultipleReferenceConstraintValidator.php
tests/src/Functional/OgMultipleSelectionWidgetAutoCompleteTest.php

I did a fork of Amitai's PR to do a new one that includes the latest changes from the 8.x-1.x branch: #558

Closing this PR in favor of #570 (which is from a branch on this repository). Relevant remarks have been moved there.

#160
PR also makes sure a group member can create content if they have `create` access.