You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In working on a solution for #16048, I discovered that changes to a Role definition—specifically its authority—do not update ACL entries that use the Role.
Step to reproduce
Create at least one Role (via ACLs, Roles tab).
Assign this Role anywhere access permissions can be defined. An easy area to observe this is in the Media Source editing panel.
Change the Role's authority (via ACLs, Roles tab).
Return to the object for which you assigned permissions using this Role.
Observed behavior
The ACL in question (where you changed its Role's authority) will no longer appear on the object.
Expected behavior
Updates to Role authority should also update all objects that use the Role in an ACL.
Note
This root cause of this is what I suspect is a bit of a data design flaw: A value of the Role (the authority) is what's saved in every ACL's db entry, not its primary key (id in this case). This complicates matters when we need to update an assigned Role. Now, we'll need to search through every ACL table for entries where the given authority value exists. Perhaps this can be redesigned in the future, but I know that wouldn't be possible until a feature release at the very least, and maybe not until the next major release. Something to consider...
Environment
MODX 2.8.7 and 3.1.0-dev (and presumably any version of 3.x)
The text was updated successfully, but these errors were encountered:
smg6511
added
the
bug
The issue in the code or project, which should be addressed.
label
Apr 27, 2024
Bug report
Summary
In working on a solution for #16048, I discovered that changes to a Role definition—specifically its authority—do not update ACL entries that use the Role.
Step to reproduce
Observed behavior
The ACL in question (where you changed its Role's authority) will no longer appear on the object.
Expected behavior
Updates to Role authority should also update all objects that use the Role in an ACL.
Note
This root cause of this is what I suspect is a bit of a data design flaw: A value of the Role (the
authority
) is what's saved in every ACL's db entry, not its primary key (id
in this case). This complicates matters when we need to update an assigned Role. Now, we'll need to search through every ACL table for entries where the givenauthority
value exists. Perhaps this can be redesigned in the future, but I know that wouldn't be possible until a feature release at the very least, and maybe not until the next major release. Something to consider...Environment
MODX 2.8.7 and 3.1.0-dev (and presumably any version of 3.x)
The text was updated successfully, but these errors were encountered: