Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Taxonomy is using vocabulary ids in permissions which makes permission settings not portable.
Patch coming. A 7.1 feature point release issue?
Comment | File | Size | Author |
---|---|---|---|
#51 | 995156-51_portable_taxonomy_permissions-D7.36.patch | 5.02 KB | raphaelhuefner |
#46 | 995156-46_portable_taxonomy_permissions-D7.patch | 4.96 KB | DuaelFr |
#46 | interdiff.txt | 506 bytes | DuaelFr |
#44 | 995156-43_portable_taxonomy_permissions-D7.patch | 4.9 KB | DuaelFr |
#44 | interdiff.txt | 3.14 KB | DuaelFr |
Comments
Comment #1
alex_b CreditAttribution: alex_b commentedComment #2
alex_b CreditAttribution: alex_b commentedFix typo
$vocabulary->machine_name instead of $vocabulary->vocabulary->machine_name
Comment #3
yched CreditAttribution: yched commentedOuch, definite +1
We should have an upgrade path, though.
Comment #5
alex_b CreditAttribution: alex_b commentedThis patch should fix the notices coming from accessing an obviously non-existent
$vocabulary->vocabulary_machine_name
And yes, needs upgrade path.
Comment #6
febbraro CreditAttribution: febbraro commentedsubscribe
Comment #7
ademarco CreditAttribution: ademarco commentedsubscribe
Comment #8
mlncn CreditAttribution: mlncn commentedTested out the patch, and very much yes please! If it gets an upgrade path can we have it in 7.1?
Comment #9
Ravi.J CreditAttribution: Ravi.J commentedsubscribe
Comment #10
rickvug CreditAttribution: rickvug commentedsubscribe.
Comment #11
mlncn CreditAttribution: mlncn commented... and, 8.x first.
Comment #12
klausiRerolled for D8.
Comment #13
langworthy CreditAttribution: langworthy commentedsubscribe
Comment #14
JvE CreditAttribution: JvE commentedsubscribe
Comment #15
droplet CreditAttribution: droplet commentedsubscribe
Comment #16
langworthy CreditAttribution: langworthy commentedPatch in #12 works for me in D8.x HEAD.
Setting back to "needs work" for the upgrade path work to be done.
Do we need to add/update any tests for this?
Comment #17
aspedia CreditAttribution: aspedia commentedFirst real crack at this, so feedback welcome. Was, and still am a little confused as to what update number this should take on? Is it 8001? 7011? Is it different if it gets back-ported to D7? Here is a patch against 8.x anyway. I couldn't see a need for, nor think of any appropriate tests, but, perhaps I'm wrong there.
Comment #18
mr.baileysMarked #986168: Use machine name for taxonomy permissions as duplicate.
Copying my comment from that issue since I think none of the points raised there have been fixed by the current patch:
Using the machine name instead of vid in the permission name certainly makes sense from a DX perspective. A couple of issues with the current patch though:
Reviewing your patch also made me look for the original patch that introduced these permissions. Take a look at #340652: Edit/delete terms permission per vocabulary, it has in-depth information on vid versus machine name. If you go through with this patch, make sure you address the issues raised in that thread. IIRC, one of the concerns raised in that thread is the possible performance penalty for mulitiple additional taxonomy_vocabulary_loads.
Comment #19
joelcollinsdc CreditAttribution: joelcollinsdc commentedsubscribe
Comment #20
xjmMarked #1300962: Change taxonomy permissions to use $vocabulary->machine_name rather than vid as duplicate of this issue.
Comment #21
jhedstromI think this patch addresses the majority of the concerns in #18:
Comment #22
jhedstromAlso, I removed the update hook for now, which won't be needed if this can be backported to 7.x.
Comment #23
xjmLooks like it has test coverage, which is good. Few minor points about the patch:
The function summary should be one line less than 80 characters (probably just a matter of rewording it a little).
Can we reformat this using the multi-line array formatting for readability?
Let's remove t() from the assertion message. Reference: http://drupal.org/simpletest-tutorial-drupal7#t
Regarding whether this is backportable... I could easily see a contributed module interacting with vocabulary permissions and using
edit terms in $vid
where$vid
comes from some vocabulary picked by the module for some purpose. So I'm leery of backporting this. Can someone convince me I'm being paranoid?Comment #24
jhedstromFunction summaries need to be less than 80 characters? I thought they just needed to wrap at 80.
Comment #25
tim.plunkettAddressed the bits in #23.
Comment #26
xjm#25 looks good to me. So the next step is to decide whether we'll actually backport this. If so, I think #25 is RTBC. If not, then we'll want to add an update hook and upgrade path tests to the D8 patch (both to update the field size and to update existing role names in the database). More thoughts on the backport question, anyone?
Edit:
Yep, the first line needs to be a summary that is one line only. Reference: http://drupal.org/node/1354#functions
Comment #27
mr.baileysI don't think this is a candidate for backporting, for the same reason you brought up in #23: IMO names for permissions exposed by Drupal core are part of its API, and API changes should not be back-ported.
While it would be silly to use names that long, this can still cause a database error with vocabulary machine names longer than 240'ish characters.
Comment #28
xjmSo you are suggesting adding code to truncate the machine name dynamically before sticking it in the permission name?
Comment #29
xjmClosed #1449726: Vocabulary permissions should use machine name as duplicate of this issue.
Comment #30
andypostClosed duplicate #1592172: Use vocabulary machine name instead of vid in permissions
EDIT this issue could be superseded by #1552396: Convert vocabularies into configuration
Comment #31
j0rd CreditAttribution: j0rd commentedRe-rolled for D7.15 to avoid bad hunks.
Comment #32
tim.plunkettGoing through old issues referenced in Views @todos.
Comment #33
alexweber CreditAttribution: alexweber commentedI noticed that there's a
testTaxonomyVocabularyChangeMachineName()
test for changing a vocabulary's machine name, im guessing permissions won't be changed.Question is, should they?
Comment #34
jyee CreditAttribution: jyee commented#31: 995156-31_portable_taxonomy_permissions-D7-15.patch queued for re-testing.
Comment #35
BerdirSee #30, I suggest to close this issue in favor of #1552396: Convert vocabularies into configuration, the result of that is that $vocabulary->vid *is* the machine_name, there's no id anymore. So if this would be commited, the other issue would just have to revert it.
Comment #36
xjmAgreed.
Comment #37
Leeteq CreditAttribution: Leeteq commentedAFAICT, #1552396: Convert vocabularies into configuration is not going to be backported to D7 for perhaps obvious reasons (API change, etc.)
Nevertheless, we need some fix for this in D7 anyway, which the http://drupal.org/project/taxonomy_access_fix module aims to provide.
That module is waiting for _this_ issue to be backported, though...
What does that mean for _this_ issue and the related issue in taxonomy_access_fix:
#1637446: Taxonomy Access Fix additional permissions should use vocab machine name and not vid
Comment #38
DamienMcKenna@Leeteq: Because the D8 change turned into a bigger architectural change, D7 is left out in the cold. Lets focus on improving taxonomy_access_fix.
Comment #39
RunePhilosof CreditAttribution: RunePhilosof commentedThis could still be fixed for D7 even though the approach used for D8 is radically different.
It might be one of the patches in this issue or the patch in http://drupal.org/node/1300962
Comment #40
DuaelFrI am using this patch on D7 for a year, waiting it to be commited because we need to use machine names to improve scalability. Today, Features includes a bit of code to bypass this issue, using a complicated conversion system whereas this could be in core since a long time.
Here is the patch found in #31 including an upgrade path.
What do we need to have this commited now ?
Comment #41
JvE CreditAttribution: JvE commentedThe concerns from #18 perhaps:
and maybe the concern from the original issue #340652: Edit/delete terms permission per vocabulary:
Comment #42
DuaelFrOk ! Thank you for the pointers.
This can easily be addressed as we can read the $vocabulary->original->machine_name property during the taxonomy_vocabulary_save. (See the attached patch)
What would be the best solution for this issue ?
We have now a
vocabulary_machine_name
key in the term object so I don't think this remains a problem. Plus, the only function which seems to need to load the vocabulary istaxonomy_form_term
and it needs it for other purposes.The attached patch already fixes the first point but I need some help to think about the second one.
Comment #43
JvE CreditAttribution: JvE commentedKeeping sync with changing machine names looks good.
I'm quite ok with limiting vocabulary machine names to 64 chars (or even shorter). But nothing is ever easy, so how to deal with already-existing names that are longer?
I do agree on the performance considerations.
Comment #44
DuaelFrHere is a new patch implementing something like Views do which truncate the longest machine names and use their hash to shorten them. I don't think we have any better option but suggestions are welcome.
PS : machine names are only truncated in permissions names.
Comment #45
JvE CreditAttribution: JvE commentedI like it. Thanks!
I only reviewed it without extensive testing and I am no core/taxonomy maintainer so I'm not setting to RTBC.
Let's hope someone else can ensure this does get committed sometime before the D8 release.
Comment #46
DuaelFrHere is a minor update to fix an issue when the old machine name was already containing more than 112 chars.
Comment #47
dsnopekI looked over the patch and quickly reviewed the "use hash when machine name is too long" and it looks good! I haven't actually manually tested this patch, though. It seems strange that this doesn't break any unit tests - maybe more test coverage is needed?
Comment #48
xjmThis patch would break permissions for existing contrib and custom modules in Drupal 7. I don't think this is a safe D7 backport at all. Even if we upgrade permissions in the site database, permission names are very frequently hardcoded as strings in code, and this patch would break that code. It's especially risky considering that this is an access control change, and there are contrib alternatives possible.
So, marking wontfix.
Comment #49
alexweber CreditAttribution: alexweber commentedFor everyone who wants this in D7, the Features approach isn't perfect but it just works...
There's also a patch floating around the Taxonomy Access Fix issue queue to update it too (although the module maintainers won't commit it)
Comment #50
dsnopek@xjm: Ah, yeah, that makes perfect sense. :-)
Here is the issue with patch for the Taxonomy Access Fix module: #1637446: Taxonomy Access Fix additional permissions should use vocab machine name and not vid
Let's pick this up in contrib!
Comment #51
raphaelhuefner CreditAttribution: raphaelhuefner commentedThis is a re-roll of the patch from #995156-46: Use vocabulary machine name for permissions against Drupal 7.36
This re-roll was necessary due to a series of unfortunate circumstances. ;-)