This is a subissue of #1391216: Views integration for the 6.x-2.x and 7.x-1.x version
Problem/Motivation
When displaying a View of addresses, it would be nice to be able to filter out addresses the user is not supposed to see.
Proposed resolution
There should be three Views filters implemented to filter on address access:
- A filter for if the address may be viewed.
- A filter for if the address may be edited.
- A filter for if the address may be deleted.
These three filters should be connected with the permissions class (UcAddressesPermissions).
Because checking address access would require a full address object, it should leave out support for pager, as checking access for all addresses could become a real performance hit.
Remaining tasks
- Implement the three access filters.
User interface changes
None directly, but site builders will get an option in Views to filter out addresses the user should not have access to.
API changes
None.
A patch will follow.
Comments
Comment #1
MegaChriz CreditAttribution: MegaChriz commentedThis is my first attempt for implementing the access filters. As mentioned in the issue summary, it does not work well with pager.
This could use some tests.
Comment #2
MegaChriz CreditAttribution: MegaChriz commentedNow with automated tests.
Comment #4
MegaChriz CreditAttribution: MegaChriz commentedNow is ensured that the base test class is included.
Comment #5
MegaChriz CreditAttribution: MegaChriz commentedThis adds some extra documentation. Other then that, I think it's ready. Let's see if it still passes tests.
Comment #6
MegaChriz CreditAttribution: MegaChriz commentedCommitted #5 with some small modifications in the code comments: there appeared to be a reference to the Views PHP module, which I had used as an example.
Needs backport to 6.x-2.x. I expects this could become quite a challenge, as some things work differently in Views 2.
Comment #7
MegaChriz CreditAttribution: MegaChriz commentedIt took me some hours to figure out, but here's a patch for the 6.x-2.x version. Again, I took Views PHP as an example, but then the 6.x-1.x version of that module in this case. I've also taken a bit other approach to find out how the address ID field is called in the results. For the 7.x-1.x version (see #5) this came more to guessing. The filter for the 6.x-2.x just adds two fields to query and uses that in the result rows to load the complete address and check access.
So, I probably need to make a few modifications to the 7.x-1.x implementation after I'm done with the 6.x-2.x implementation. Not only for consistency, but also because I think the 6.x-2.x implementation is more stable.
Comment #8
MegaChriz CreditAttribution: MegaChriz commentedCommitted #7.
Going back to the 7.x-1.x version, because the implementation probably needs to be improved for that version.
Comment #9
MegaChriz CreditAttribution: MegaChriz commentedImprovements for the 7.x-1.x version, following the 6.x-2.x approach.
Comment #10
MegaChriz CreditAttribution: MegaChriz commentedCommitted #9.