For our use case, we need to let users potentially change field values on their registrations (for example: a meal choice field). To allow this, we needed to give users view and edit permissions for registrations that they own. Attached is a patch to do that.

In our case, we are not allowing anonymous users to register. We're also restricting users so that they can only register themselves so we have less complexity around the email address and user id associated with the registration. I've added todo comments where this probably needs to be thought through a bit more.

Note that as deleting registrations is already covered by other issues, I didn't try to include it here (see #1308908: Registerd user cancels a registration and #1418670: Add new permissions).

Comments

seanbfuller’s picture

Status: Active » Needs review
StatusFileSize
new2.98 KB

Sorry, let's try that again without the dsm() calls in there. Also, setting to needs review.

jpontani’s picture

Setting to needs review.

You'll also want to remove the dsm statements from your patch.

Beat me to it. I'm slow.

Instead of having two access functions, why not just have a single one that you pass an operation to (view, edit, delete) and an optional account instead of checking the current user.

IE:

function registration_access($registration, $op = 'view', $account = NULL) {}
seanbfuller’s picture

Yeah, I thought about going that route, but I held off because there's no "edit all" so they were slightly different (edit uses administer). I thought I'd start with a simple patch as the first step. Ultimately, you could run view, edit and delete permissions through that kind of function, but it might require a slight rework of existing permissions. The optional account param is a nice touch.

levelos’s picture

Status: Needs review » Fixed

Access control now handled via Entity API / entity_access(). Still need a framework for where a users registrations are accessed from ...

dpi’s picture

dpi’s picture

Status: Fixed » Needs review
StatusFileSize
new4.51 KB

I'd like you to give this a review, amending HEAD with permissions for each registration type, inspiration taken from node.module.

  • Corrected arguments for entity entity permission callback.
  • One-line per permission in entity permission callback.
  • Added: create, edit own, edit all, delete own, delete all permissions for each registration type.
  • $account fallback to global when none is provided, for entity permission callback.
dpi’s picture

StatusFileSize
new7.98 KB

Changes since #6:

  • Menu callbacks now use entity_access
  • New Permission: for managing settings for each registration type.
  • New Permission: view registrations of type.
  • Re-implemented delete menu item.
  • Implemented registration_entity_access hook.

Biggest thing is the hook, as it will allow better integration with modules like Organic Groups. And will make it easier to do: #1463272: Add ability to manage registration access on a per-entity basis.

constantinejohny’s picture

Hi,

if I apply this patch to alpha 4, the users doesn't see the registration form. Even if I grant them all the permissions.

EDIT: When I give registered users "Bypass node access" permission, they can see the form. Is there a way to fix this without this permission?

dpi’s picture

StatusFileSize
new8.29 KB

Rerolled against alpha4. (attached)

Works for me, make sure registration status is set to open.

mjross’s picture

I upgraded to alpha4, applied the permissions_and_access-1472250-9.patch, created a new content type with a registration field, set the registration status to open, and set the permissions for authenticated users ("Create new registration", "Edit own registration", and "Delete own registration").

Testing confirmed that an authenticated user can create a new registration, as well as modify the e-mail address associated with that registration (presumably that is what is meant by the "Edit own registration" permission). However, I see no way for the user to delete her registration. When viewing the node, she sees two tabs, "View" and "Register". I was expecting to see some sort of "Delete" tab. Is there anything extra that we need to do so users can delete their registrations?

dpi’s picture

@mjross you need to go to the page for the registration (path: registration/*). The page which contains Delete would not be on the host entity because that would imply deleting the host entity.

There is a delete tab, and a button on the edit form, for the registration.

constantinejohny’s picture

Thanks for the update :) It's amazing you guys are working on this so hard.

Everything looks OK now, but when I tried to delete registration with both admin or normal user, I get these errors:

    Warning: Missing argument 1 for drupal_get_form() ve funkci drupal_get_form() (line: 115 v souboru *****/test/includes/form.inc).
    Notice: Undefined variable: form_id ve funkci drupal_get_form() (line: 123 v souboru *****/test/includes/form.inc).
    Notice: Undefined index: ve funkci drupal_retrieve_form() (line: 752 v souboru *****/test/includes/form.inc).
    Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, '' was given ve funkci drupal_retrieve_form() (line: 787 v souboru *****/test/includes/form.inc).

It's in my native language, Czech, but I hope it's understandable.

mjross’s picture

@dpi Thanks for your reply. I went to the path registration/*, but there's no such page. I also tried: /registration, /registration/test-node (my test node), and /content/test-node/registration. Same results. So I'm not sure what page you are referring to.

dpi’s picture

Replace asterisk with registration ID. You can get them from {registrations} table. Each registration a user creates has it's own page. Eg: /registration/3965

constantinejohny’s picture

OK, my issue at #12 was succesfully fixed. During the patch one of the files got corrupted (registration.module) - dunno why, but when I patched the original file again it's working.

My hopefully last question is: After deleting the registration, how to forward the user back to the node where he registered (where the field with registration is)? Because the user ends up at /registration/*, which displays Page not found, because the registration number doesn't exist anymore.

mjross’s picture

@dpi Thanks for the clarification. That worked (registration/1). My only remaining question is, how would the visitor get to that page using the UI (and not by editing the URL)? When she is viewing a host entity (at e.g. content/test-node) for which he has already registered, there is still a "Register" tab, which seems odd because she is already registered. It seems more logical that that tab would read "Registration", linked to registration/1. (I'm just thinking out loud, and if any of this is planned for the future, I understand.)

gmclelland’s picture

I was wondering the same. A Registration tab sounds better than a Register tab IMO.

dpi’s picture

how would the visitor get to [the registration entity page] using the UI

You could make a views attachment listing all related registrations. Or #1462796: Allow user to manage his own registrations.

@gmcelland, @mjross On, there being a Register tab despite a user having a pre-existing registration: A user can have more than one registration per entity. See #1308894: Add setting: Maximum registrations per user.. This issue would cover UI issues such as this.

Please discuss in those issues, or create a new issue in the future.

attiks’s picture

Status: Needs review » Reviewed & tested by the community

Patch applies and is working:
Checking patch includes/registration.entity.inc...
Hunk #1 succeeded at 298 (offset 18 lines).
Checking patch includes/registration.forms.inc...
Checking patch registration.module...
Applied patch includes/registration.entity.inc cleanly.
Applied patch includes/registration.forms.inc cleanly.
Applied patch registration.module cleanly.

dpi’s picture

Whether the patch applies is all good. Do you have any feedback?

Thanks for taking a look.

attiks’s picture

On our setup anonymous user can register, but we allow authenticated users to register and edit their registration, that's the part that i tested. Also permissions are now controllable by bundle which is nice to have.

This will be tested more in the coming days, so if I have more feedback, I'll let you know

levelos’s picture

Status: Reviewed & tested by the community » Fixed

Alright, finally got to this one and committed with ead90b9972d1439a99c550221ad2bdd6e12ba74e. @dpi, I made a handful of minor modifications, although I did remove the hook_registration_entity_access() invokation from the access callback. It's more or less intact otherwise.

dpi’s picture

Thanks for getting this committed!

It would be great if you could let us know why you thought the hook was inappropriate: #1511172: Add hook_registration_entity_access

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • levelos committed ead90b9 on 7.x-1.x, panels, any-entity, slots, integrations, hold_state authored by dpi
    #1472250 by dpi: View and edit own registration permissions.