Issue #27: Use Drupal permission system #29
Conversation
donquixote
force-pushed
the
issue-27-fix-permissions
branch
from
24d8c60
to
dc42d13
Compare
donquixote
force-pushed
the
issue-27-fix-permissions
branch
2 times, most recently
from
b969749
to
3707404
Compare
donquixote
force-pushed
the
issue-27-fix-permissions
branch
from
3707404
to
229c013
Compare
|
Drupal conventions set the indentation level to 2 spaces. |
donquixote
force-pushed
the
issue-27-fix-permissions
branch
from
229c013
to
bcb49de
Compare
|
|
||
| The user role `anonymous` by default disallows editing and is the | ||
| minimal permission for viewing documents in Collabora Online. | ||
|
|
There was a problem hiding this comment.
We can rethink this section. For now I just removed it to avoid confusion.
There was a problem hiding this comment.
Right now it is unclear how these new permissions work. Is it possible to have a short write up here?
There was a problem hiding this comment.
I re-added a section, I hope it is more clear this way.
The "which can be managed at /admin/people/permissions." should be obvious to people who are familiar with Drupal, but I mention it anyway.
donquixote
force-pushed
the
issue-27-fix-permissions
branch
2 times, most recently
from
e154762
to
0972d4a
Compare
How to run the tests.For now I am not adding a phpunit.xml(.dist) file. I personally ran the tests with ddev-drupal-contrib. I assume that Francesco will probably run the tests from a custom project where this module is pulled in as a dependency. So it is up to the developer/reviewer how they want to run the tests. |
donquixote
force-pushed
the
issue-27-fix-permissions
branch
from
0972d4a
to
e0a2c08
Compare
donquixote
force-pushed
the
issue-27-fix-permissions
branch
3 times, most recently
from
5ceeeac
to
d34d7d0
Compare
|
@hfiguiere or whoever wants to merge this: |
|
Changes about permissions are ready @hfiguiere |
|
|
||
| /* Make sure that the user is a collaborator if edit is true */ | ||
| $edit = $edit && $permissions['is_collaborator']; | ||
|
|
There was a problem hiding this comment.
How do we check about the write permission? The code above make sure that if you get an "editor" but don't have write permission as per drupal, then you get bounced back to a read-only. It also reject if you don't have viewing permission. This is better than WOPI errors in Collabora online.
There was a problem hiding this comment.
Permissions are set at the entity level and can be found in the collabora_online.module. They handle actions like viewing and editing documents. These permissions are not tied to specific roles, allowing sites to configure which roles can access or modify documents.
There was a problem hiding this comment.
In the new version the access is checked at the route level.
This means that, if you attempt to access '/cool/edit/{media}' path when you only have "preview" permission, you get an access denied page, instead of the "readonly" fallback.
Also, now it is technically possible to have an "edit" permission without having a "preview" permission.
Such a user would be able to access the '/cool/edit/{media}' path, but not the '/cool/view/{media}' path.
It would be up to the admin / webmaster / site builder to only assign "edit" to roles that also have "preview".
How important is the scenario with the fallback?
One use case I could imagine is that user A with edit access passes a link to user B who has only read/preview access. In that case we would want user B to see the preview page.
If this is really important, we would need to move part of the the access logic back into the controller.
On the other hand, having the permission on the route level allows Drupal to hide the "edit" link for people with no access, whenever it would be displayed in a menu or in "tabs". (Currently no such places exist for these specific links, where the visibility would depend on the route access check.)
There was a problem hiding this comment.
Permissions are set at the entity level
In the new version the access is checked at the route level.
This sounds contradictory, but in fact both of these statements are true :)
The access check happens at the route level, so before the controller method is called.
However, the route access check then invokes the entity access system, with _entity_access: 'media.edit in collabora'.
There was a problem hiding this comment.
Having the access check on route level, and not in the controller, is a standard practice in Drupal for most routes, providing a clean separation between controller and access check. With all the consequences mentioned above, e.g. when you visit /node/123/edit, if you don't have edit access, you get an access denied, not a fallback to the node view page.
Exceptions are technically possible, e.g. for API urls that should be accessed by a script or service, and where a default "access denied" response would not be suitable.
In this case we would prefer to stick to the default Drupal behavior, at least for now.
This should be ok because we also hide the link for user without edit access.
…n the field formatter.
…on links, instead of regular media access.
…definition for view and edit routes.
…perms and 'edit own'.
…sionDenied(), drop the `@todo` in the controller method.
AaronGilMartinez
force-pushed
the
issue-27-fix-permissions
branch
from
847f29d
to
805efa2
Compare
|
Hi @hfiguiere, added license for the files, and rebased branch. |
|
this comment #29 (comment) would benefit being added to the README |
donquixote
changed the title
So this would explain how to run tests and also how to manually test the module with a Collabora Online docker container. I can agree this would be useful, but I would prefer to keep it out of this pull request. In a future version we should add a development setup with docker-compose or ddev, which should also include a Collabora container, and then we can add a nice instruction in the README. For now I don't think it is worthwhile. |
donquixote
changed the title
|
@hfiguiere From our side this PR is good to go. |
|
Let's merge this. |
|
Thanks @hfiguiere ! |
|
merge commits are terrible. A linear history is much more manageable. Usually I rework commit to minimise the number of them. |
|
(off-topic comment I do im my free time)
The "terrible" merge commits are usually those that you might find inside a feature branch as a result of git pull, often obfuscating changes or bad conflict resolution. Or you get distracting merges between master, dev, staging or whichever other branch, resulting from unnecessary workflow conventions. The "merge feature branch x into main" is usually fine, if the feature branch was sufficiently rebased before. The merge commit then tells a story that is meaningful. If you like something pure you could look for "semi-linear history", where you get something like a segmented snake. But I found it is generally good enough if a feature branch has no conflict when it is merged, and the feature branch itself is linear (this is also what we do on other projects). |
Fixes #27
Changes: