Opinion: URL Rewrite management should be read only for users and not considered a redirect tool

[aliomattux]

Description:
Magento 2 provides out of box a tool under Marketing > SEO & Search > URL Rewrites. This tool allows anyone with access to delete any URL, including system generated URL's. It also is intended to allow users to create custom redirects.

Opinion: this tool cannot be used as intended. This tool should become readonly and not changeable by users. Magento should introduce a new storage and delivery system for redirects.

Why? Several reasons

1. There is a constraint that each URL be unique. This alone eliminates the ability to redirect a product from A to B. When you create a product, a URL is generated for the system in url_rewrite for the product and every combination of category. The format is request_url = url_key, and target = catalog/product/id, etc. Because the system generates this URL, it is impossible to redirect the url to any other location due to constraint. If you attempt to create a custom redirect, you will receive an error that the request path already exists.
   This forces users to either delete the system URL which is improper and should not be allowed, or to go around Magento and use a webserver redirect. Note that business process for redirects varies greatly depending on company practice. Some companies would leave the URL available and say not available for purchase, some companies would make the page 404, and others would redirect that request to either another product or a category/landing page. The greatest flexibility is to create a request url and target url.

2. If a user deletes the system url, and saves either ANY category that the product is associated with or the product itself, the system will attempt to regenerate the URL and prevent the user from saving. The same problem can happen if the user creates a URL redirect and then later attempts to change the category or product url to match. Some of these are practice issues, however the system "allows" this behavior. The user is not aware they may have created a problem. This creates a "Nightmare" scenario for developers as users will repeatedly report problems and inability to save. Each URL issue must be investigated.

Preconditions (*)

Version: 2.3.3, probably all versions

Steps to reproduce (*)

1. Create product A. Assign to category A. Save product

2. Create redirect from A to B. Error is received and cannot create redirect

3. Delete system url redirect

4. Create custom url redirect

5. Save category or product with no changes
   Error is received

Expected result (*)

Actual result (*)

1. Allow users to create 301 redirects for products no longer sold
2. Do not allow users to delete system urls arbitrarily

The tool is marketed as an SEO tool, but it is a critical part of the core program!

---

Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.

Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

[m2-assistant]

Hi @aliomattux. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, please, review the Magento Contributor Assistant documentation.

Please, add a comment to assign the issue: @magento I am working on this

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[m2-assistant]

Hi @engcom-Delta. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).

  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 4. Verify that the issue is reproducible on 2.4-develop branch

  Details

  - Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 5. Add label Issue: Confirmed once verification is complete.

• 6. Make sure that automatic system confirms that report has been added to the backlog.

[engcom-Delta]

Hi @aliomattux thank you for your report.
Looks like it is not an issue as you could restrict access for URL Rewrites using User Roles
Manual testing scenario:

• Create new user role with unchecked URL Rewrites
  
• Create new admin user and assign him to appropriate user role
  
• Login as new admin user

Result:
✔️ URL Rewrites is not shown

Is User Roles functionality not enough for your purpose?

[aliomattux]

Hello, You can go ahead and close the ticket, but to answer your question, no permissions do not solve the issue. My feedback was Magento rewrite system functionality is incompatible with how standard practice is carried out for redirects. I believe the feature of redirect is mislabeled. See my original post for details.

…

On Wed, Feb 3, 2021 at 7:49 AM Vasyl Shvorak ***@***.***> wrote: Hi @aliomattux <https://github.com/aliomattux> thank you for your report. Looks like it is not an issue as you could restrict access for URL Rewrites using User Roles *Manual testing scenario:* - Create new user role with unchecked URL Rewrites [image: image] <https://user-images.githubusercontent.com/51681379/106755295-a3f5e380-6636-11eb-98a1-a5a2d797bf36.png> - Create new admin user and assign him to appropriate user role [image: image] <https://user-images.githubusercontent.com/51681379/106755458-d56eaf00-6636-11eb-95a1-ba185758b543.png> - Login as new admin user *Result:* ✔️ URL Rewrites is not shown [image: image] <https://user-images.githubusercontent.com/51681379/106754880-2af68c00-6636-11eb-9712-9077bbce5396.png> Is User Roles functionality not enough for your purpose? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#30989 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAIAVCNXKWPXERZR6HAABODS5FIADANCNFSM4T3YPRFA> .

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 14 days if no further activity occurs. Is this issue still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? Thank you for your contributions!