Hey salvis,

I just want to ask a clarification question: In working on the D7 port of Content Access, I recently noticed that when granting view access to an individual user via our Rules integration, in addition to the ACL entry for the user's view access grant, empty ACL entries are also being created for the update and delete grants. So using the Devel Node Access block, I see this:

18 0 ok acl 18 1 0 0 content_access/view_18: BenK
18 0 empty acl 19 0 0 0 content_access/update_18: no users!
18 0 empty acl 20 0 0 0 content_access/delete_18: no users!

Is there a reason that ACL adds the three ops (view, update, delete) even when only one op (view) is being specified?

There might be a very good reason for this, but I just wanted to be sure this was as intended.

Thanks,
Ben

Comments

salvis’s picture

Status: Active » Fixed

The 'update_18' name is not generated by ACL. It's the client (i.e. CA) that does this. I don't know whether that behavior of CA is correct or not.

Hover your mouse over the 'empty' word to get additional information from DNA.

good_man’s picture

That's right, I was wrong. CA adds three records, one for each operation (view/update/delete). I think in the future we need to optimise them into one record.

@salvis: Can we get something similar into the API? For example, a list of operations (view/update/delete), each one with one or more uids; it should then update OR insert them as needed (insert if new, update if it exists in the table).

salvis’s picture

As DNA explains, the empty grants do have an effect.

Does acl_node_add_acl() not do what you want?

good_man’s picture

Yes, CA now uses acl_node_add_acl(), but I was talking about some wrapper. If you find it a good use case to pass nid, uids, and ops, maybe you can add it to ACL; if not (if it's an extreme case), I'll do a similar one in CA.

salvis’s picture

I like to keep APIs simple and orthogonal. However, if you can demonstrate an actual benefit (e.g. more efficient database operations), then I'm interested. Let's see what you have.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.