For our use case, we need to let users potentially change field values on their registrations (for example: a meal choice field). To allow this, we needed to give users view and edit permissions for registrations that they own. Attached is a patch to do that.
In our case, we are not allowing anonymous users to register. We're also restricting users so that they can only register themselves so we have less complexity around the email address and user id associated with the registration. I've added todo comments where this probably needs to be thought through a bit more.
Note that as deleting registrations is already covered by other issues, I didn't try to include it here (see #1308908: Registerd user cancels a registration and #1418670: Add new permissions).
| Comment | File | Size | Author |
|---|---|---|---|
| #9 | permissions_and_access-1472250-9.patch | 8.29 KB | dpi |
| #7 | permissions_and_access-1472250-7.patch | 7.98 KB | dpi |
| #6 | new-permissions-1472250-6.patch | 4.51 KB | dpi |
| #1 | registration-permissions-own_v2.patch | 2.98 KB | seanbfuller |
| registration-permissions-own.patch | 3.06 KB | seanbfuller |
Comments
Comment #1
seanbfuller commentedSorry, let's try that again without the dsm() calls in there. Also, setting to needs review.
Comment #2
jpontani commentedSetting to needs review.You'll also want to remove the dsm statements from your patch.Beat me to it. I'm slow.
Instead of having two access functions, why not just have a single one that you pass an operation to (view, edit, delete) and an optional account instead of checking the current user.
IE:
Comment #3
seanbfuller commentedYeah, I thought about going that route, but I held off because there's no "edit all" so they were slightly different (edit uses administer). I thought I'd start with a simple patch as the first step. Ultimately, you could run view, edit and delete permissions through that kind of function, but it might require a slight rework of existing permissions. The optional account param is a nice touch.
Comment #4
levelos commentedAccess control now handled via Entity API / entity_access(). Still need a framework for where a users registrations are accessed from ...
Comment #5
dpi#1462796: Allow user to manage his own registrations ?
Comment #6
dpiI'd like you to give this a review, amending HEAD with permissions for each registration type, inspiration taken from node.module.
Comment #7
dpiChanges since #6:
Biggest thing is the hook, as it will allow better integration with modules like Organic Groups. And will make it easier to do: #1463272: Add ability to manage registration access on a per-entity basis.
Comment #8
constantinejohny commentedHi,
if I apply this patch to alpha 4, the users doesn't see the registration form. Even if I grant them all the permissions.
EDIT: When I give registered users "Bypass node access" permission, they can see the form. Is there a way to fix this without this permission?
Comment #9
dpiRerolled against alpha4. (attached)
Works for me, make sure registration status is set to open.
Comment #10
mjross commentedI upgraded to alpha4, applied the permissions_and_access-1472250-9.patch, created a new content type with a registration field, set the registration status to open, and set the permissions for authenticated users ("Create new registration", "Edit own registration", and "Delete own registration").
Testing confirmed that an authenticated user can create a new registration, as well as modify the e-mail address associated with that registration (presumably that is what is meant by the "Edit own registration" permission). However, I see no way for the user to delete her registration. When viewing the node, she sees two tabs, "View" and "Register". I was expecting to see some sort of "Delete" tab. Is there anything extra that we need to do so users can delete their registrations?
Comment #11
dpi@mjross you need to go to the page for the registration (path: registration/*). The page which contains Delete would not be on the host entity because that would imply deleting the host entity.
There is a delete tab, and a button on the edit form, for the registration.
Comment #12
constantinejohny commentedThanks for the update :) It's amazing you guys are working on this so hard.
Everything looks OK now, but when I tried to delete registration with both admin or normal user, I get these errors:
It's in my native language, Czech, but I hope it's understandable.
Comment #13
mjross commented@dpi Thanks for your reply. I went to the path registration/*, but there's no such page. I also tried: /registration, /registration/test-node (my test node), and /content/test-node/registration. Same results. So I'm not sure what page you are referring to.
Comment #14
dpiReplace asterisk with registration ID. You can get them from {registrations} table. Each registration a user creates has it's own page. Eg: /registration/3965
Comment #15
constantinejohny commentedOK, my issue at #12 was succesfully fixed. During the patch one of the files got corrupted (registration.module) - dunno why, but when I patched the original file again it's working.
My hopefully last question is: After deleting the registration, how to forward the user back to the node where he registered (where the field with registration is)? Because the user ends up at /registration/*, which displays Page not found, because the registration number doesn't exist anymore.
Comment #16
mjross commented@dpi Thanks for the clarification. That worked (registration/1). My only remaining question is, how would the visitor get to that page using the UI (and not by editing the URL)? When she is viewing a host entity (at e.g. content/test-node) for which he has already registered, there is still a "Register" tab, which seems odd because she is already registered. It seems more logical that that tab would read "Registration", linked to registration/1. (I'm just thinking out loud, and if any of this is planned for the future, I understand.)
Comment #17
gmclelland commentedI was wondering the same. A Registration tab sounds better than a Register tab IMO.
Comment #18
dpiYou could make a views attachment listing all related registrations. Or #1462796: Allow user to manage his own registrations.
@gmcelland, @mjross On, there being a Register tab despite a user having a pre-existing registration: A user can have more than one registration per entity. See #1308894: Add setting: Maximum registrations per user.. This issue would cover UI issues such as this.
Please discuss in those issues, or create a new issue in the future.
Comment #19
attiks commentedPatch applies and is working:
Checking patch includes/registration.entity.inc...
Hunk #1 succeeded at 298 (offset 18 lines).
Checking patch includes/registration.forms.inc...
Checking patch registration.module...
Applied patch includes/registration.entity.inc cleanly.
Applied patch includes/registration.forms.inc cleanly.
Applied patch registration.module cleanly.
Comment #20
dpiWhether the patch applies is all good. Do you have any feedback?
Thanks for taking a look.
Comment #21
attiks commentedOn our setup anonymous user can register, but we allow authenticated users to register and edit their registration, that's the part that i tested. Also permissions are now controllable by bundle which is nice to have.
This will be tested more in the coming days, so if I have more feedback, I'll let you know
Comment #22
levelos commentedAlright, finally got to this one and committed with ead90b9972d1439a99c550221ad2bdd6e12ba74e. @dpi, I made a handful of minor modifications, although I did remove the hook_registration_entity_access() invokation from the access callback. It's more or less intact otherwise.
Comment #23
dpiThanks for getting this committed!
It would be great if you could let us know why you thought the hook was inappropriate: #1511172: Add hook_registration_entity_access