To reproduce:
- Have an administrator role.
- Create a new content type.
- Review permissions for the administrator role.

Expecting:
- administrator role to have permissions for new content type.

What happened instead:
- administrator role did not have permissions for new content type.

This issue could affect any module that dynamically generates permissions.

Comments

Freso’s picture

Freso commented
Priority: Minor » Normal

This does not just apply to content types, any dynamically generated permissions created after a module's install won't be caught by user.module:

function user_modules_installed($modules) {
  // Assign all available permissions to the administrator role.
  $rid = variable_get('user_admin_role', 0);
  if ($rid) {
    $permissions = array();
    foreach ($modules as $module) {
      if ($module_permissions = module_invoke($module, 'permission')) {
        $permissions = array_merge($permissions, array_keys($module_permissions));
      }
    }
    if (!empty($permissions)) {
      user_role_grant_permissions($rid, $permissions);
    }
  }
}

This is the only place new permissions are granted to user_admin_role, which might also mean that permissions added with module updates aren't caught either (though I haven't tested this).

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Status: Active » Closed (duplicate)

It looks like this issue is older, but #787152: Dynamic permissions cannot be automatically assigned to or removed from roles has more discussion. Marking as duplicate.