Screenshot of Rules action for adding roles in cron

Experimental project

This is a sandbox project, which contains experimental code for developer use only.

Cron Roles is a simple module to grant admin-selected roles to the anonymous user that cron tasks run as.

There are many tasks we want cron to be able to perform that the anonymous user cannot. In my case this was reading completed Commerce orders for an asynchronous fulfillment routine. This module provides two scopes in which you can add the roles:

  1. Global for cron
  2. Temporary during Rules

There can be improvements in both parts of the module; that's obvious. What I would rather discuss is the very notion of why it's scary to allow cron to run with escalated privileges. I'll save that for a more detailed blog post (look for it at www.metaltoad.com/blog) and assume that the following will suffice for this sandbox:

Security Advisory

This module adds privileges to a process which usually runs with no logged-in user, and you should only use this module if you understand the implications of that for your site. This includes knowing the security implications for all of your cron tasks running with elevated privileges.

In order to sleep better at night, the module allows super-temporary addition of the roles by way of a pair of Rules actions: one for adding (pushing) and the other for popping the roles back. This was the second feature I added to the module, and it worked great for what I needed. If the community feels better about it, it might be viable to remove the 'global' portion of the module... but let's not make up our minds about that until we've discussed the deeper question.
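The push/pop pattern described above, sketched as an added example in plain PHP (it is not the Cron Roles module's code). The `ScopedRoles` class, the `order reader` role and its rid are hypothetical; the point is that the pop runs in a `finally` block, so a task that throws cannot leave the anonymous account elevated for the rest of the cron run.

```php
<?php
// Added illustration: a plain-PHP model, not the module's own code.
// $account stands in for the anonymous account; roles are rid => name.
final class ScopedRoles {
    private $stack = [];   // one snapshot of $account->roles per push()
    private $account;

    public function __construct(stdClass $account) {
        $this->account = $account;
    }

    /** Save the current roles, then add $roles (rid => name) to them. */
    public function push(array $roles): void {
        $this->stack[] = $this->account->roles;
        $this->account->roles = $roles + $this->account->roles;
    }

    /** Restore the roles saved by the matching push(). */
    public function pop(): void {
        if (!$this->stack) {
            throw new LogicException('pop() without a matching push()');
        }
        $this->account->roles = array_pop($this->stack);
    }

    /** Run $task with $roles added; always pop, even if $task throws. */
    public function with(array $roles, callable $task) {
        $this->push($roles);
        try {
            return $task($this->account);
        } finally {
            $this->pop();
        }
    }
}

// Constructed sample: anonymous holds rid 1; rid 5 is a hypothetical role.
$anon = (object) ['uid' => 0, 'roles' => [1 => 'anonymous user']];
$scope = new ScopedRoles($anon);
try {
    $scope->with([5 => 'order reader'], function ($account) {
        echo 'during task: ', implode(', ', $account->roles), "\n";
        throw new RuntimeException('fulfillment step failed');
    });
} catch (RuntimeException $e) {
    echo 'after failure: ', implode(', ', $anon->roles), "\n";
}
```

Assuming a Drupal 7 site (the page does not state the core version), `user_access()` statically caches permissions per account, so code that changes roles mid-request also has to call `drupal_static_reset('user_access')` after each push and each pop for the change to take effect and to be withdrawn.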

Project information

  • Created by ctrahey on , updated