Closed MariosORION closed 4 months ago
Discussing in Merge Tuesday.
In general we try to avoid updating permissions with update hooks.
@willguv points out that this is an oversight, we did not give the permission to the contributor role.
@ekes outlines an edge case where people might be able to create locations outside of a workflow.
@stephen-cox thinks it is likely that most sites have fixed this.
Asking those in the room if there are any objections to releasing updates to permission: none.
So: I will test and assuming it does work as expected, will merge and tag a release.
THanks @MariosORION !
Thinking about it, this permissions is just about can they use the entity browser which is only avalible if they can edit the field. The change is small enough that it's worth going ahead. May even be safe to add to the authenticated user role? Thiough in this case the hook to update the default permissions and a release note addressing the why should be sufficent on the off chance someone needs to turn them off.
Thinking about it, this permissions is just about can they use the entity browser which is only avalible if they can edit the field.
And more importantly my edge case falls out because you still need to give permision to create. You can still re-use with the library without create permission. There is also a follow-up about create with workflow. https://github.com/localgovdrupal/localgov/issues/728
PR for issue https://github.com/localgovdrupal/localgov_geo/issues/113.
Description of changes: