Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update docs around Drupal permissions for Preview Mode #584

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Update docs around Drupal permissions for Preview Mode #584

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7655163
Update create-oauth-client.mdx
tjheffner Nov 2, 2023
ff4c30b
Merge branch 'main' into patch-1
JohnAlbin Nov 13, 2023
cdff3c5
Update create-oauth-client.mdx
tjheffner Nov 14, 2023
6a27db0
actually run prettier
tjheffner Nov 14, 2023
0737d0c
Merge branch 'main' into patch-1
JohnAlbin Nov 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions www/content/tutorials/preview-mode/create-oauth-client.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,17 @@ As from `next-drupal 1.5`, user roles are used for OAuth scopes. The scopes are

Next, assign the following permissions to the newly created role.

- Bypass content access control
- Issue subrequests
- View user information
- 'access content'
- 'access user profiles'
- 'issue subrequests'
- 'view all revisions'
- 'view any unpublished content'
- 'view latest version'
- 'view media'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried out these new permissions on a Drupal 10.1 site and ran into a snag.

What version of Drupal did you use to create this list?

In Drupal 10.1 some of those permissions don't exist. Best I can tell the permissions are:

  • 'View all media revisions'
  • 'View media'
  • 'View own unpublished media'
  • 'View all revisions'
  • 'View published content'
  • 'View own unpublished content'
  • 'Issue subrequests'
  • 'View user information'

What heading is "view latest version" under? I don't see anything in 10.1 that matches that.

Copy link
Author

@tjheffner tjheffner Nov 29, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These were from a Drupal 9.5.11 site.

On our site, view latest version is underneath the Content Moderation heading, and was required for viewing forward revisions (i.e. new draft revision of previously published content) in our setup

Screenshot 2023-11-29 at 10 14 27 AM

Also, the preview user will likely still want view any unpublished content, not necessarily just their own

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On our site, view latest version is underneath the Content Moderation heading

Aha! I didn't have that installed. That module is also required for the "View any unpublished content" permission. Without that module, the only perms that mention "unpublished" are the ones under the "Node"/"Media" modules for "own unpublished".

And, yes, having the "View any unpublished content" permission is required to allow the Next.js User to view unpublished content owned by regular content editors.

I think we should add the module heading for each of these permission so that users (like me!) don't get confused about which permissions to use. Adding the module heading will also give a hint on how to get that permission if it isn't listed on a user's website.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm… I still don't see a 'access content' permission even on a Drupal 9 site. I'm using Node module's 'View published content' permission instead.

I've tested these permissions on a Drupal 10.1 site and they seem to be sufficient:

- 'Content Moderation: View any unpublished content'
- 'Content Moderation: View the latest version'
- 'Media: View all media revisions'
- 'Media: View media'
- 'Node: View all revisions'
- 'Node: View published content'
- 'Subrequests: Issue subrequests'
- 'User: View user information'

Copy link
Author

@tjheffner tjheffner Dec 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I think some of the confusion is my list is coming from the exported config (uses machine names of perms), and the permissions list in the UI doesn't surface those, using the titles instead.

access content is originally coming from Core's system.permissions.yml, and is equivalent to View published content

# Note that the 'access content' permission is moved to the Node section of the
# permission form when the Node module is enabled.
access content:
  title: 'View published content'


<Callout>

We are assigning the _Bypass content access control_ permission to allow Next.js to access unpublished content and revisions.
We are assigning the _view all revisions_ and _view any unpublished content_ permissions to allow Next.js to access unpublished content and revisions.

This scope is only going to be used when making authenticated requests from Next.js to Drupal.

Expand All @@ -55,7 +59,7 @@ const articles = await drupal.getResource(

## 3. Create User

Add a new user at `/admin/people/create` and **assign them all the roles that are going to be used for scopes, including the administrator role and the role we created above**.
Add a new user at `/admin/people/create` and **assign them all the roles that are going to be used for scopes, including the role we created above**.

---

Expand Down