Open finnlewis opened 1 year ago
@ekes and @millnut I've just been testing the group content permissions in the browser and I'm getting some funny results.
Fresh install
composer create-project localgovdrupal/localgov_microsites_project:3.x-dev MY_PROJECT --no-install;
Now then...
Expected behaviour: the admin1 user on site1 should not be able to create blog posts.
Observed behaviour: the admin1 user on site1 CAN create blog posts.
Further to this... I've tried the group settings where we have the ability to enable and disable content types for each group, and this does not appear to have any effect either:
@hc-konrad follow this issue for udates!
@xtianjohnson following for updates.
Manual testing core D10 + group + group_permissions.
Granting group_permissions to a role any group seems to effect all the groups (at least that the user is a member of).
So far so... there's certainly a thing going on between group + group_permissions at the moment that's not specific to localgov microsites.
Thanks for digging into this more @ekes it looks like we have ended up on the conclusion with it being group_permissions, do you think it's worth adding that as a note to https://www.drupal.org/project/group_permissions/issues/3388880
https://www.drupal.org/project/group_permissions/issues/3395306
The test certainly confirms the cache clear issue, but also if I'm correct shows removal of permissions failing again.
I'll be honest here. My temptation is now to remove group_permissions and use custom entity access to set if content can be created - it will then always be possible to be viewed if it has been created.
See https://github.com/localgovdrupal/localgov_microsites_group/blob/2.x/tests/src/Kernel/GroupPermissionsHelperTest.php#L141
https://github.com/localgovdrupal/localgov_microsites_group/issues/396#issuecomment-1739399147
This is the test that is failing: https://github.com/localgovdrupal/localgov_microsites_group/blob/2.x/tests/src/Kernel/GroupPermissionsHelperTest.php#L141
Can anyone re-write this test to test in a different way? @ekes was wondering if maybe a functional browser test to do the same thing might be appropriate?
@millnut might be able to look at this 😄