I see _commons_groups_update_group_permissions() is where it is being set and is called from hook_og_role_change_permissions().
When I debug the $permissions argument, it is being sent as 'subscribe' => TRUE (should have been 'subscribe without approval')
I had saved the form with "Anyone can join" (value="anyone") checked. (note: the regular user is not set as a group organizer, so this user could not go back and edit the group -- will start another ticket)
If I edit the same group as administrator I can save as "Anyone can join", it does save correctly.
If I add a new group as administrator, the same thing happens as the regular user. So it looks like there is a problem with the creation of groups. Any ideas?
Comment | File | Size | Author |
---|---|---|---|
#36 | 2019137-group-privacy-settings-36.patch | 1.78 KB | ezra-g |
#33 | 2019137-group-privacy-settings-31.patch | 1.08 KB | ezra-g |
#32 | 2019057-commons-groups-exception-og-access-31.patch | 9.57 KB | ezra-g |
#31 | Permissions_for_group_Engineering_team___cn8.png | 44.58 KB | ezra-g |
#27 | 2019137-group-privacy-settings-27.patch | 2.51 KB | ezra-g |
Comments
Comment #1
ezra-g CreditAttribution: ezra-g commentedThanks for the bug report.
I was able to reproduce this issue. In fact, we saw this during the initial refactoring of group privacy settings , so it seems to have resurfaced.
Tagging for the Commons 3.3 radar.
Comment #2
Devin Carlson CreditAttribution: Devin Carlson commentedI've managed to track this down but getting a working solution has proven more difficult than it should be!
Commons Groups' use case causes Node module to invoke both
hook_node_update()
andhook_node_insert()
duringnode_save()
. Also,hook_node_update()
is always invoked beforehook_node_insert()
.A static variable is used in
commons_groups_set_group_permissions()
and_commons_groups_update_group_permissions()
in order to prevent either function from being run more than once per node. However, sincehook_node_update()
is always invoked duringnode_save()
and always invoked beforehook_node_insert()
and they both operate on the same node,hook_node_update()
is always "locked out" of performing eithercommons_groups_*()
operations.It seems like the recommended solution would involve removing Commons Groups implementation of
hook_node_insert()
in favor of accomplishing all of the required tasks inside of the implementation ofhook_node_update()
(since it is run in all cases).As a stop-gap, I've attached a patch that should work but is most likely a bad solution. :P
Comment #3
ezra-g CreditAttribution: ezra-g commentedMarking as "needs work per"
Thanks for the thorough issue description!
Comment #4
amitaibuThanks for the patch.
This looks wrong -- why not call the variable
$original_node
?.Comment #5
ezra-g CreditAttribution: ezra-g commentedThanks, Amitaibu. Aside from the variable name, can you comment on the overall approach here?
We've observed that putting in a return; at the top of
_commons_groups_update_group_permissions
allows the field to save correctly, but we understand that that would prevent the groups permissions checkboxes from synching with the subscription settings field.Comment #6
ezra-g CreditAttribution: ezra-g commentedSpecifically, we're not clear on the expected values of the $permissions array here.
Comment #7
amitaibuSounds like this is the real cause of the problem, and I have a feeling it's a recent change, as I remember personally seeing it working properly. @Devin Carlson, were you able to track down the reason for this wrong hook execution?
I believe we should fix that, as the current bug is probably only the first symptom - update should run after insert ;)
Comment #8
Devin Carlson CreditAttribution: Devin Carlson commentedI've narrowed this down further to
commons_groups_og_role_change_permissions()
which does:I've found that $permissions always returns subscribe (boolean) TRUE during node insertion no matter what the group's privacy settings are set to. The helper function
_commons_groups_update_group_permissions()
is then called which sets the field_og_subscribe_settings field to this value (subscribe) and saves it._commons_groups_update_group_permissions() is triggered whenever a node is inserted or updated because:
commons_groups_insert()
andcommons_groups_update()
both callcommons_groups_set_group_permissions()
which callsog_role_change_permissions()
which invokeshook_og_role_change_permissions()
, triggeringcommons_groups_og_role_change_permissions()
, which calls_commons_groups_update_group_permissions()
.Comment #9
amitaibuOk, I see the problem and I think we should change the strategy here. Up until now when the permissions are changing, even programmatically we maintain a sync between them.
I think that instead, we should hide/ disable those permissions from the OG permissions UI, so it can only be changed via the field. Once we need to maintain that sync only from one direction (field -> permissions), we can remove
commons_groups_og_role_change_permissions()
and avoid those errors.@ezra-g, what do you think about the above suggestion?
Comment #10
ezra-g CreditAttribution: ezra-g commentedThat suggestion sounds good to me in general. My only concern is whether there's ever a case where the permissions would be changed programaticall, causing them to become out of sync with the field.
If you're confident that's not likely to happen, this seems OK to me.
Another approach would be to detect which item (permissions or field) initiated the change by adding an arbitrary value to the $roles array or similar, and only sync one way in that case.
Comment #11
amitaibuPretty confident, it's very unusual for a module to determine it's own permissions. I believe that's the right solution -- being able to change a setting only form a single place.
That's the first thing I tried to do, but looking at the code I realized it's not possible. The role object is lost before it reaches our function(s), and adding this context/ metdata in a different way seemed messy.
Comment #12
ezra-g CreditAttribution: ezra-g commentedThe attached patch removes our implementation of hook_og_role_change_permissions() and hides checkboxes that we set with field_og_subscribe_settings() when the group is private. However, after further thought, we should just hide these settings in all cases. Leaving as "needs work."
Comment #13
RobKoberg CreditAttribution: RobKoberg commentedI just notice that todays build (from this morning) does not have the ability to add the content privacy to groups. Is this a mistake and it should be there or has it been removed for some reason and content privacy is handled in a different way?
Comment #14
ezra-g CreditAttribution: ezra-g commentedDo you have OG Access module enabled?
Can you confirm you packaged with build-commons-dev.make, rather than using the Drupal.org nightly development snapshot?
Comment #15
RobKoberg CreditAttribution: RobKoberg commentedUff... sorry and please disregard. I thought I had enabled it, but no. The modules form is sitting there for me to submit still :-|
Comment #16
ezra-g CreditAttribution: ezra-g commentedNo problem :).
Comment #17
ezra-g CreditAttribution: ezra-g commentedHere's a re-roll as proposed in #12.
Comment #18
Devin Carlson CreditAttribution: Devin Carlson commentedTested #17 which disabled the permission checkboxes but didn't prevent them from being rendered in the permissions table. Talking to @ezra-g, it sounds like the permissions should not be shown in the table at all, which would make disabling the permission checkboxes unnecessary.
Comment #19
ezra-g CreditAttribution: ezra-g commentedNice catch in #18.
Here's a re-roll. It feels unfortunate to unset() the form elements but #disabled can be overridden in the browser and setting #access = FALSE results in empty rows in the table.
Comment #20
Devin Carlson CreditAttribution: Devin Carlson commentedTested #19 with an existing install of Commons. While it did remove the permission checkboxes from the table, I believe that it did so for the wrong reason.
The rows are only removed if $form['checkboxes'][$role][$permission] has any $attributes, which might not be the case depending on theming.
Unfortunately, I have yet to to come up with a suitable replacement to check and using
$form['checkboxes'][$role][$permission]
doesn't seem to work.Marking this as needs work while I continue to look for a solution.
Comment #21
ezra-g CreditAttribution: ezra-g commentedThanks, Devin Carlson. Re-assigning per #20.
Comment #22
RobKoberg CreditAttribution: RobKoberg commentednot working for me as of this morning's build. Behavior is when checking "Anyone can join and contribute" and saving, it is set to "Joining requires admin approval"
Comment #23
ezra-g CreditAttribution: ezra-g commented@RobKoberg - Correct. This issue is still accurately marked, "needs work" because it hasn't yet been fixed.
Comment #24
RobKoberg CreditAttribution: RobKoberg commentedOK, apologies, I thought that the thread implied that there was a fix, but not optimal. And that moving from active to needs work reenforced that.
Another issue with staying up-to-date with the latest dev code are all the patches in the different threads and determining if they are still needed or a commit has been done. Is there some way to filter the issues list based on what outstanding patches are ahead of the latest version in the repo? Or are those patches being included in the latest drush make dev install? It seems strange to me that committers don't just commit instead of supplying a patch.
Comment #25
ezra-g CreditAttribution: ezra-g commentedSure. If an issue hasn't been marked "fixed" then it typically hasn't been committed. You may wish to review https://drupal.org/node/317 for more about conventions of the Drupal.org issue queue.
This issue is a good example of the reason why maintainers generally file patches: Because our proposed fixes aren't correct 100% of the time. Filing a patch allows others to review the patch from a code and functional perspective so that it's committed only once it passes that review. If we committed directly, we'd end up with many followup and reversed commits, which would mean a messy revision log and codebase.
Comment #26
ezra-g CreditAttribution: ezra-g commentedComment #27
ezra-g CreditAttribution: ezra-g commentedThis patch changes the offending line to
.
Comment #28
amitaibuI believe this is wrong, otherwise that would have been a security issue. Form API knows that element is disabled so doesn't process it.
Untested but, instead of fiddling with form_alter() OG already provides a mechanism to disable a checkbox per anon/ auth users (that's how it disables for example Subscribe permission from Auth users).
Try altering the permissions (
hook_og_permissions_alter()
)to be with an empty role property.Comment #29
ezra-g CreditAttribution: ezra-g commentedThanks, amitaibu. Marking as "needs work".
Re:
Looks like this is a change in behavior from Drupal 6 to 7, per the Form API reference:
In Drupal 6:
in Drupal 7
Comment #30
amitaibuYap, Drupal is becoming better in each version ;)
Comment #31
ezra-g CreditAttribution: ezra-g commentedHere's a patch that implements hook_og_permission_alter() and a screenshot showing the changes to the permissions and description text.
It feels awkward to show a setting to the user that they'll never be able to adjust in this UI, but this is only one detail of the broader administrative experience in Commons that needs review, so this patch seems like an incremental improvement and we can circle back on this UI during the larger review.
Comment #32
ezra-g CreditAttribution: ezra-g commentedComment #33
ezra-g CreditAttribution: ezra-g commentedWrong patch #31 ;).
Comment #34
japerryCould replicate with a fresh install, applied the patch and still got the 'require admin approval' while the group was in moderation. Once the group was made active, i could go back and select anyone to contribute.
On one hand this makes sense, but by default any group created by a non-administrator is going to default to needing approval before it gets approved.
Comment #35
ezra-g CreditAttribution: ezra-g commentedPer #34, I believe we need to combine #33 with the removal of commons_groups_og_role_change_permissions().
Comment #36
ezra-g CreditAttribution: ezra-g commentedRe-roll per #35.
Comment #37
RobKoberg CreditAttribution: RobKoberg commentedThe patch in #36 works! I created three groups, one for each privacy setting and the were created as expected.
Comment #38
ezra-g CreditAttribution: ezra-g commentedThanks for the prompt testing, RobKoberg!
Comment #39
RobKoberg CreditAttribution: RobKoberg commentedLet's close the beatches out and release 3.3!
Comment #40
ezra-g CreditAttribution: ezra-g commented#36 is committed. Thanks!
http://drupalcode.org/project/commons_groups.git/commit/b07b103