Problem/Motivation

I would expect integer fields such as timestamps to be cast to an int but instead a string is returned. For example:

/** @var \Drupal\aggregator\Entity\Feed $feed */
var_dump($feed->getLastCheckedTime());

// Actual: string '1411796607 ' (length=11)
// Expected: int 1411796607

Proposed resolution

I'd like to know if this is expected or whether there it's an issue? Or maybe, a link to an existing issue?

Additional info

tim.plunkett pointed out that FieldItemBase::__get() calls getValue() rather than getCastedValue().

  /**
   * {@inheritdoc}
   */
  public function __get($name) {
    // There is either a property object or a plain value - possibly for a
    // not-defined property. If we have a plain value, directly return it.
    if (isset($this->values[$name])) {
      return $this->values[$name];
    }
    elseif (isset($this->properties[$name])) {
      return $this->properties[$name]->getValue();
    }
  }

Hello!
I use data definitions to validate some incoming data and this data should also be casted to its defined types (int - to int and etc).
Just wanted to use data definitions to cast this values too (just ->validate()->getValue() ) but found, that this is impossible, because getValue() method calls same methods from sub-definitions and etc.
But primitive types (see PrimitiveInterface) already have special method: getCastedValue.
For me it looks like we need to get this method for ComplexDataDefinitions too, with same behavior as for getValue(), but with getCastedValue calls for sub-definitions.

In #2205271: Project namespace for dependencies support was added to allow modules to list dependencies by prefixing their names with their project name, thus solving the age-old problem of module names and project names being different (*cough* CCK *cough*). This API improvement was included in v7.40.

In #2844504: Testbot failing for Metatag-D7 =) it was identified that some of Metatag's tests were failing because the testci system was unable to download certain dependencies, specifically one submodule depending upon another submodule would fail if the dependency was listed in the old [module] syntax, it had to be listed in the newer [project:module] syntax.

It was reported in #2853699: Wrong dependency declaration by asacolips that this conflicts with installation profiles, which do not support the [project:module] syntax.

A simple example is the following:

• Download the latest Panopoly distribution release.
• Set it up somewhere so it can be installed.
• Download Metatag into the directory structure somewhere, e.g. sites/all/modules.
• Edit the panopoly.info file to list Metatag as a dependency, e.g.:
  

  diff --git a/panopoly.info b/panopoly.info
  index 2ee445e..2752de7 100644
  --- a/panopoly.info
  +++ b/panopoly.info
  @@ -21,6 +21,8 @@ dependencies[] = file
   dependencies[] = dblog
   dependencies[] = update
  
  +dependencies[] = metatag
  +
   ; Panopoly Foundation
   dependencies[] = panopoly_core
   dependencies[] = panopoly_images
  

• Hook up the codebase to the local web server and try to run the installer.
• The following requirements error will be reported:
  

  Required modules - Required modules not found.
  The following modules are required but were not found. Move them into the appropriate modules subdirectory, such as sites/all/modules. Missing modules: Drupal:system, Ctools:ctools, Token:token

• Further, if the dependency line in panopoly.info is changed to "dependencies[] = metatag:metatag" then the error becomes the following:
  

  Required modules - Required modules not found.
  The following modules are required but were not found. Move them into the appropriate modules subdirectory, such as sites/all/modules. Missing modules: Metatag:metatag

It seems like the dependency logic does not properly handle the [project:module] logic for modules available in the current codebase.

Steps to reproduce
I experienced this error when trying to import a config export that was broken, the 'profile' key was missing.
So while it's not advisable to do this under normal circumstances, the steps to reproduce are:

1. have an installed/running site,
2. export config,
3. go into config/sync/core.extension and delete or change the 'profile' key,
4. attempt to import that configuration into your site

What happened
This will generate the error:

Cannot change the install profile from <em class="placeholder"></em> to <em
class="placeholder">standard</em> once Drupal is installed.

The from and to install profiles in this message are backwards.

Expected behaviour

The message should be:

Cannot change the install profile from <em class="placeholder">standard</em> to <em
class="placeholder"></em> once Drupal is installed.

It's a small thing but cost me several hours of debugging and head scratching! :)
Note: the problematic code is in core/lib/Drupal/Core/EventSubscriber/ConfigImportSubscriber.php line 139.

Follow-up to #2737805: Convert web tests to browser tests for forum module

Convert ForumIntegrationTest web tests to browser tests for forum module

Child of #2735005: Convert all Simpletest web tests to BrowserTestBase (or UnitTestBase/KernelTestBase)

Background
In D8 the default access settings are simple: there is a single 'administer users' permission that controls editing other users.

More complex schemes are possible using contrib modules to allow selective editing of other users under certain conditions. An example of such a module is Administer Users by Role. I am the maintainer of this module, trying to port it to D8.

Problem
contrib modules cannot grant field-level access to some fields on the user. For example, in a view of users, the "status" column will not be present except to a user with 'administer users' permission.

• The code in the contrib module can implement hook_ENTITY_TYPE_access() for entity type "user" which works to allow editing of the user.
• The code in the contrib module can implement hook_entity_field_access, but this doesn't work because the default code in UserAccessControlHandler has set AccessResult::forbidden().

The documentation here states

Note: Even a single module returning an AccessResultInterface object from hook_node_access() whose isForbidden() method equals TRUE will block access to the node. Therefore, implementers should take care to not deny access unless they really intend to. Unless a module wishes to actively forbid access it should return an AccessResultInterface object whose isAllowed() nor isForbidden() methods return TRUE, to allow other modules or the node_access table to control access.

Solution
UserAccessControlHandler should set AccessResult::neutral. This prevents access by default, but allows other modules to override.

The password field is an exception because it should be forbidden for any user to read it under any circumstances.

Patch coming.

Problem/Motivation

If our goal is to segregate our interfaces by workflow types that are configurable and workflows that are not, I think it makes sense to move the methods for transition/state forms to WorkflowTypeFormInterface/WorkflowTypeFormBase.

That leaves implementations of workflow types that are simple and don't require the collection of extra information for states/transitions/as a whole light.

Proposed resolution

Move these methods.

Remaining tasks

Discuss and agree on an approach.

User interface changes

API changes

Data model changes

Problem/Motivation

During theme initialization, block_theme_initialize() copies over existing blocks and gives them a machine name prefixed with the theme name. It does not check to see if a block exists with this name already.

Proposed resolution

Move the logic in \Drupal\block\BlockForm::getUniqueMachineName to a location where it can be shared with block_theme_initialize.

Remaining tasks

User interface changes

API changes

Data model changes

Problem/Motivation

With #2831274: Bring Media entity module to core as Media module and its bundles on core we'll have a powerful media system. After we figured out storage we'll need to do display/render part.

When a media entity is referenced from another piece of content we can use existing "Rendered entity" formatter.

Proposed resolution

First decide if "Rendered entity" formatter suffices for the use-case. If that will be the case provide default configuration that will re-create existing functionality with image and file fields and lead the way for site-builders and contrib.

If not plan and implement formatters for media entities that will re-create behavior of existing ones.

Remaining tasks

- decide about the approach
- create default configuration or new formatters

Problem/Motivation

Steps to reproduce

1. Enable content_moderation
2. Allow articles to be added to menus.
3. Create an article, don't add a menu item.
4. Create a new draft revision of the node, this time create a menu item.
5. After saving, note the node immediately appears in the menu.

Proposed resolution

Either:

1. Don't allow nodes to be added/changed/removed in menus when saving a non-default revision

2. Change the node/menu integration to somehow be revision-aware

Remaining tasks

User interface changes

Problem/Motivation

Similar to #2856363: Path alias changes for draft revisions immediately leak into live site.

Steps to reproduce

1. Enable book module and configure it for article content type.
2. Create a node and publish it.
3. Create a new draft revision of the node, adding it to a book outline from the node form.

Note the node immediately appears in the book outline.The same will be true to changes/removals from book outlines when editing nodes as draft.

There are really two bugs here:

1. Data loss/integrity due to side effects from saving drafts.

2. Access bypass on sites that have more complex workflows restricting access to publish actions, since this allows people who wouldn't be able to publish a draft to affect the published site.

Proposed resolution

Either:

1. Prevent changes to book outlines when saving revisions as drafts.

2. Add revision support to book module.

(or the first as a stop-gap and the second as a follow-up task).

A further consideration once we get to workspaces is admin/structure/book - if you're in a workspace you'd expect that to only make changes in the workspace, at the moment it'll change things on the live site.

Remaining tasks

User interface changes

API changes

Data model changes

(Filling this as a followup to #2842064: Form widget shows HTML in label as plain text in the Entity Browser queue)

Right now, ContentTranslationHandler::addTranslatibilityQueue is adding the translatibility clue to a large range of items, including the details one. As is though, Details '#title' content is supposed to only contains plain text ; when being fed a span, it'll be displayed as is to the site contributor.

Not sure yet if this belongs to the content_translation component, to not add a span for things that should be plain text, or to the the form system one, to make details more in line with fieldset, and let it allow markup in the summary the way it allows for markup in the legend.

Steps to reproduce

As is, this is tricky to reproduce using core only, there's no field widget that directly expose a details element. Current steps to reproduce using Entity Browser:

1. Install Entity Browse
2. Set up a multilingual Drupal, enable content translation
3. Set up content content translation for the Article node type
4. Create an entity reference field on the Article node type, make it untranslatable
5. Set the widget for that entity reference field to use the entity browser widget
6. Create a node
7. Add a translation for that node

At that point, the widget title will be the field name, suffixed by all languages, with the span being displayed.

Problem/Motivation

media.libraries.yml declares its libraries as:

media_form:
  version: VERSION
  js:
    js/media_form.js: {}
  dependencies:
    - core/drupal.form

media_type_form:
  version: VERSION
  js:
    js/media_type_form.js: {}
  dependencies:
    - core/drupal.form

It is not necessary to prefix them with media_ as you already attach them as 'media/LIBRARY'

Proposed resolution

Remove the prefixes.

Remaining tasks

Review the attached patch.

User interface changes

None

API changes

None

Data model changes

None

Updated: Comment #334

Problem/Motivation

Currently, when a node table is left joined into a query, adding a node_access tag to the query filters out accessible rows from the base table (effectively acting more like an inner join). In particular, rows containing null values are incorrectly filtered out by node_access (i.e., if the base table has null entries for the node ID, node_access denies access to all users based on those null values, even though they should have no relevance to node_access checks). The most common example is a view where rows disappear from the table after adding an optional relationship to the view.

See the tests in patch #326 to reproduce, or more manually in D7:
1. Install Entityreference and Views,
2. Create a field referencing nodes (using entityreference),
3. Create a node having the entityreference field empty,
4. Create a View with a relationship using the entityreference field. Do NOT select "Require this relationship".
5. Expected result is that regular users can see the node in the View. Current result is that regular users cannot see the node.

Proposed resolution

The problems can be fixed by altering how the node_access conditions are added into the query whenever the node table is a joined table. Currently the conditions are added to the overall query conditions; the proposal is to instead add the node_access conditions into the join conditions.

This approach maintains the integrity of the node_access checks: all nodes to which the current user is denied access are removed from the query results. However, it makes as few additional changes as possible to the query results.

The primary effect is that rows containing optional, empty (null node ID) entries are no longer removed. Furthermore, if rows contain optional (left-joined) content from an access-denied node, only the content of the denied node is removed from the results. In the context of a view, this means that any individual cells of a table containing restricted content will be blanked, but non-restricted content in the rest of the row is still visible to the user.

Adding the node_access conditions into the join conditions is made more difficult by limitations of the database API: #2275519: Unable to use Condition objects with joins. The current patch has opted to add this missing feature to the database API, instead of implementing more complex code that tries to work around the limitation.

Both D8 (#326) and D7 (#332) patches implementing this approach have been provided.

Remaining tasks

1. Patch needs to be reviewed by the community. Earlier patches (in particular D7) were extensively reviewed, but more feedback on the current patch is needed. Some specific recent questions include:
   1. Is the current patch, which avoids an API change, preferable (see #321)?
   2. Is it appropriate for a bug-fix patch to incorporate code for a requested feature (see #319)?
   3. Are there use cases that cannot be handled by patch #326, and would instead require patch #302? (See also Detailed Example)
2. Write tests.(Patch #326 contains comprehensive tests, including nested joins and all combinations of accessible and restricted content.)
3. In Postgres with 3 node tables and a count query, placeholders are getting inserted in the wrong sequence.(This was an issue for patch #149 but was reported as fixed by a subsequent patch. The current D8 patch doesn't edit the placeholders, and has been tested successfully using PostgreSQL.)
4. Address issue of node access with a type of "entity" -- no known cases where this bug is triggered, recommend creating new issue.(The entity-specific query alterations have been removed in D8, making the issue no longer relevant.

User interface changes

None

API changes

None

Data model changes

None

Detailed example

As an example, a site has 'page' nodes containing a field that is a reference to a related 'article' node. A view is created to list the page nodes: the page title is shown in the first column; the related article's title is shown in the second column (using an optional relationship). The following is the view as seen by an admin. Any node with 'public' in the title is visible to everyone; any node with 'private' in the title should not be visible to regular users.

With current code, the table shown to non-admins incorrectly removes some rows containing public pages:

With patch #326, regular users will see:

All private pages and private articles have been filtered out. Public-page-3 is still displayed because it is public content; the reference to private-article-b is in an optional column, implying that unavailable content should result in a blank cell instead of removing the entire row.

Some users may prefer to construct a view where the entire row is removed if it contains a reference to an inaccessible article. In many cases, such views will simply want to change the article column into a required column. If, however, it is necessary to keep rows with missing articles, and only filter rows with inaccessible articles, users can add the appropriate filter into the view, for example, "where article_title is null AND article_reference is not null". This would produce:

Note that one proposed patch, patch #302, uses a different approach that directly produces Case D, without the need for additional filters. However, using patch #302 it is impossible to produce Case C (except by gutting the node_access checks). In other words, patch #326 can be used to handle all reported use cases, but patch #302 cannot.

Original report by [username]

I'm loving the Entity Reference module, but I've come across some weird behavior. It's probably just something I've missed setting.

I have a content type called Album. I've got another content type called Review which has an entity reference to Album.

I've created a View which lists Albums. I wanted to include some fields from my Review content type, but I still want to list each Album, even if a review referencing the album has not been created yet.

In my view, under Relationships, I add an "Entity Reference: Referencing entity" relationship. I make sure "Require this relationship" is NOT checked.

When I'm logged in as an administrator, all Albums are returned, as expected. But when I'm not logged in, or I'm logged in as a regular user, only albums that are referenced by a review are displayed. I'm really puzzled as to why I get different results depending on my user role.

I get the same results regardless of if I add fields from the Review content type or not. I've tried clearing the cache multiple times, and I've tried checking and unchecking the "Require this relationship" box. I've deleted the relationship and tried adding it again, but I always get the same results.

Problem/Motivation

WebTestBase has a :settingsSet method, which is a bit pointless. This just changes the Settings object in memory.

Proposed resolution

* Provide a copy of this method on BrowserTestBase
* Mark it as deprecated
* Recommend to use a KernelTest instead.

Remaining tasks

User interface changes

API changes

Data model changes

Problem/Motivation

This is a subissue of #2526060: Add tests for action plugins. We need automated tests for the Comment action plugins. Those plugins can be found in core/modules/comment/src/Plugin/Action

Proposed resolution

Add tests.

Remaining tasks

• The test class contains one test, testing all the comment action plugins. It should have a test per plugin.
• The test class is called CommentActionsUnitTests, but I think these are not unit tests, but kernel tests.

See #2735005: Convert all Simpletest web tests to BrowserTestBase (or UnitTestBase/KernelTestBase)

Blockers:

- #2795085: Add assertNoCacheTag, assertCacheContext/assertNoCacheContext to assertLegacyTrait

Problem/Motivation

Currently assertNoCacheTag & assertCacheContext/assertNoCacheContext exist on WebTestBase but there is no equivalent available for BrowserTestBase, in order to facilitate ease of conversion we should add assertNoCacheTag and assertCacheContext/assertNoCacheContext to assertLegacyTrait

Proposed resolution

Remaining tasks

Create the methods and deprecate them.
Add tests.

User interface changes

API changes

New methods available for conversion.

Data model changes

can someone help with user data

i would like to store user data in a way, that it is not shown for the public but only to authenticated users or in internal views for assigned users.

1 i added fields for storing user data
2. i made a view that shows this data

but now i would like to have the opportunity, that the user can select whether his data is shown in the view or not.

Thanks for any response

Lothar

See [#2735005]Drupal\config\Tests

Skipped tests:

• ConfigInstallProfileUnmetDependenciesTest (Needs InstallerTestBase)
• \Drupal\config\Tests\AssertConfigEntityImportTrait could be moved?
• \Drupal\config\Tests\SchemaCheckTestTrait is deprecated already

Blockers:
#2795085: Add assertNoCacheTag, assertCacheContext/assertNoCacheContext to assertLegacyTrait