Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.When a user account has a file field, the user protect module causes an AJAX error for users that only have the authenticated role if they try to remove an attached file. User protect currently unsets the rid for the authenticated role in userprotect_user_edit_fields_validate, but the block module's function block_form_user_profile_form_alter needs the rid there or else an SQL error breaks the AJAX call.
A patch will be supplied below.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | userprotect-roleids-1508752-1.patch | 855 bytes | scotthorn |
Comments
Comment #1
scotthorn CreditAttribution: scotthorn commentedComment #2
karschsp CreditAttribution: karschsp commentedI'm not actually able to reproduce this. Here's the steps I followed:
* Add a file field to user accounts.
* Create a user with only authenticated user role.
* Log in as that user, edit account, upload image, save.
* Edit account again, remove image, save.
* Log out
* Log in as administrator
* Edit the account of the user created above.
* Remove image
* Save
I didn't see any AJAX errors when going through those steps. What am I missing?
Comment #3
scotthorn CreditAttribution: scotthorn commentedYou will also need to protect role changes for authenticated users at admin/config/people/userprotect/protected_roles. Sorry, I didn't realize that when I originally posted.
Just now I tried it on a clean install using sqlite and did not encounter the error. I repeated the test with a fresh MySQL install and did get the problem again. Thanks for responding, and for a great module!
Comment #4
scotthorn CreditAttribution: scotthorn commentedComment #6
MegaChriz CreditAttribution: MegaChriz commentedI couldn't reproduce the issue, but the removal of a role on the account object when that's not specifically needed is like playing with fire. Committed #1.