Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The way it appears to work right now (correct me if I'm wrong) any "client" site that wants to connect to a "server" must authenticate through a User on the Server site.
I'd like to have to option to allow client sites to pull from a server without logging in. Maybe allow for the "Anonymous User" checkbox along with all the rest of the users. I did grant the "Anonymous User" role access to "Access Channels List", but apparently that's not good enough.
On the Client site, the login and password are required, so this doesn't appear to be currently possible.
Comment | File | Size | Author |
---|---|---|---|
#16 | interdiff-3096716_13_16.txt | 18.78 KB | ivan.vujovic |
#16 | entity_share-Allow_Clients_to_connect_to_Server_anonymously-3096716_16.patch | 15.26 KB | ivan.vujovic |
#13 | interdiff_10-13.txt | 8.58 KB | yarik.lutsiuk |
#13 | 3096716-connect-to-server-anonymously-13.patch | 16.23 KB | yarik.lutsiuk |
#10 | interdiff_8-10.txt | 1006 bytes | yarik.lutsiuk |
Comments
Comment #2
GrimreaperHello,
Yes currently, you can't use Entity Share with anonymous user. Because there is a permission to access the channel list, but the exposed channels are then filtered depending on the authorized user.
If you can provide a patch that will help getting this feature.
A workaround would be to configure a role that will have the same permissions as the anonymous user, and create a dedicated user with this role.
Comment #3
id.aleks CreditAttribution: id.aleks as a volunteer and at Smile commentedTagging for Drupal Global Contribution Weekend
Comment #4
GrimreaperHello @id.aleks,
Did you have time to work on this issue during the contribution weekend?
Comment #5
id.aleks CreditAttribution: id.aleks as a volunteer and at Smile commented@Grimreaper Unfortunately no. I'm removing the LutskGCW20 tag.
Comment #6
GrimreaperComment #7
yarik.lutsiuk CreditAttribution: yarik.lutsiuk at Smile commentedComment #8
yarik.lutsiuk CreditAttribution: yarik.lutsiuk at Smile commentedHello,
i think it's raw patch, but i want to hear your thoughts
Cheers
Comment #9
GrimreaperHello,
I think this is the right direction but RemoteManager::getHttpClient method needs to be updated too.
Regards,
Comment #10
yarik.lutsiuk CreditAttribution: yarik.lutsiuk at Smile commentedHello,
Patch with updated getHttpClient method.
Cheers
Comment #11
GrimreaperHello,
Thanks for the patch.
Do not forget to update the status to "Needs review" to trigger automated tests :).
Comment #12
GrimreaperPatch is ok for me.
Can you please provide a test with 2 contents, one published one not?
Import as admin, check that 2 nodes had been imported and then import as anonymous and check that only one node had been imported because "normally" anonymous users don't see unpublished content.
I think you can start creating the test and we will see when #3157110: Additional/refactor tests for the new architecture will be done for a last update of the test.
Comment #13
yarik.lutsiuk CreditAttribution: yarik.lutsiuk at Smile commentedHello,
added new patch with tests.
Cheers
Comment #14
GrimreaperLeave empty to request the server website as the anonymous user.
&& instead of ||, no?
I think this is not needed.
I think this is not needed.
Nice!
I understand why now we need "bypass node access". But I don't understand why it works without "entity_share_server_access_channels".
Ok, after re-reading the codebase. It seems that adminUser is unused. and it was the channelUser that is in fact used and it has the "entity_share_server_access_channels".
UserInterface is no more used in the import at the beginning of the class.
$this->t('Anonymous')
Ok after reading several times the new tests, I understand why it is difficult to make things differently.
So I would have said: add the anonymous user in the main channel and this would be ok. But because of the testRemoteManager::doRequest that stores per URL, this would require to do in the same test to reset it like in testPathautoFieldEnhancer()
Also, methods like "pullChannel()" use $this->remote, so it is hard to provide several remotes in the same class.
I was about to make the small fixes and merge, but I think to prepare tests for #2856713: Authentication plugins and HTTP authentication, we should try to have one class dedicated to authentication tests.
Can you please try to do like Ivan had done in PathautoTest.php please? I think one channel with all the required users can be enough and this would avoid the need to update it. "Just" update the remote with the user you want to use. And no problem to use the admin user, this will give it one reason to exist (you can remove the previous permissions as it were not used).
Comment #15
ivan.vujovicComment #16
ivan.vujovicHello,
Here is the patch which contains (mostly) the rework of the test (ie. merges two tests into one).
I used two channels and one remote, which I changed in the middle of the tests.
Admin user is not used, but permission
bypass node access
was granted to the channel user.Comment #17
GrimreaperThanks a lot for the patch.
Here is my review:
return [
// This user will act an administrative user, so allow them to access
// unpublished nodes.
'bypass node access',
] + parent::getChannelUserPermissions();
But that is perfectly ok. The rest of the code is perfect. So I will merge now!
Comment #19
GrimreaperComment #20
Shawn DeArmond CreditAttribution: Shawn DeArmond at University of California commentedThat's awesome! Thank you guys!!