Skip to content
This repository has been archived by the owner on Aug 18, 2024. It is now read-only.

8.x-1.0-alpha6
Compare
Choose a tag to compare
@MPParsley MPParsley released this 22 Apr 11:17
· 170 commits to 8.x-1.x since this release
8.x-1.0-alpha6
ac73d77
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

8.x-1.0-alpha6

This release adds support for Drupal 9.x and PHP 7.4, fixes a security vulnerability and has improved entity access.

There are some significant backwards compatibility breaks in this release, please refer to the dedicated section below.

Security fixes

  • #694 Users should not be able to subscribe to closed groups

New features

  • #672 Provide dedicated methods to check for access on group content entity operations
  • #674 Provide "delete" entity operation access checks on group entities
  • #675 Provide a hook for altering access on group content entity operations

Improvements

  • #402 Replace GroupTypeManager::getAllGroupBundles() with ::getGroupMap()
  • #543 Remove t() calls
  • #640 Support Drupal 9.0
  • #641 Drupal 9.0 compatibility: Use PHPUnit 7 for Drupal 9 builds
  • #648 Remove dead code in OgAccessHookTest
  • #649 Drop support for Drupal 8.7.x
  • #650 Support Drupal 9.1
  • #651 Switch CI integration to Github Apps
  • #652 Remove $ignore_admin flag on OgAccess::userAccess()
  • #654 Remove static cache in OgAccess::userAccess()
  • #657 Rename 'administer group' permission to 'administer organic groups'
  • #662 Drupal 9.1 compatibility: AssertLegacyTrait::assertOptionSelected() is deprecated
  • #663 Drupal 9.1 compatibility: Do not fail 9.x builds on deprecation warnings
  • #665 Drop support for PHP 7.1
  • #667 Drupal 9.1 compatibility: Function ReflectionType::__toString() is deprecated
  • #668 Use PHPUnit 7 for all builds
  • #677 Add support for PHP 7.4
  • #682 OgRoleInterface now extends RoleInterface
  • #685 Clean up OgMembership::preSave()
  • #688 Adopt the strict types declaration
  • #690 Update SPDX licence identifier to the correct format
  • #697 Document why we are doing an interface check
  • #693 Document how OG handles access and permissions

Bug fixes

  • #643 Other groups field ignoring bundles settings
  • #659 OgAccess::userAccess() doesn't differentiate between entity operations and group level permissions
  • #666 Fix grammar
  • #670 Remove obsolete service definition
  • #671 User access check should no longer accept operations, only permissions
  • #692 Permission based access checks should return neutral if a permission is not granted
  • #700 Fix PHP CS issues
  • #720 Fix GroupSubscribeTest::testSubscribeAccess

Backwards compatibility breaks

  • Support for PHP 7.1 has been dropped. There is at the moment no new code added that requires PHP 7.2 or higher, but we have stopped supporting and testing PHP 7.1. #665
  • The $ignore_admin flag on OgAccess::userAccess() has been removed. This was supported in D7 but barely used and it was currently unused in D8. #652
  • The administer group permission has been renamed back to the original administer organic groups since it was conflicting with a permission from the Group module. #657
  • Some methods in OgAccess were unintentionally processing both group level permissions and entity operations. These have now been split into separate methods. This is restoring the original access handling as it was designed for Drupal 7. See #659 for the full low down.
    • Any code that was calling into OgAccess::userAccess() or OgAccess::userAccessEntity() and passing an entity operation (e.g. update, delete, ...) instead of a group level permission (e.g. subscribe without approval) should now call OgAccess::userAccessEntityOperation().
    • Any code that was calling into OgAccess::userAccess() and passing an entity operation (e.g. update, delete, ...) instead of a group level permission (e.g. subscribe without approval) should now call OgAccess::userAccessEntityOperation().
    • Any hook_og_user_access_alter() hook implementations that are expecting the $context['permission'] data to contain an entity operation (such as update or delete) rather than a permission (e.g. subscribe without approval) will no longer be called. This code should instead be placed in an event subscriber that listens to the GroupContentEntityOperationAccessEvent::EVENT_NAME event.
    • Any code that was calling into $entity->access() to check for group level permissions (e.g. subscribe without approval) rather than an entity operation (e.g. update, delete, ...) was working before but was in violation of the Drupal API and will need to be replaced with a call to OgAccess::userAccess().
  • The method GroupTypeManager::getAllGroupBundles() was duplicating the functionality of two other methods and has been removed. All code that was calling ::getAllGroupBundles() without passing an argument should now call ::getGroupMap(). Code that was calling ::getAllGroupBundles($type) with an argument should now call ::getGroupBundleIdsByEntityType($type). #402
  • Support for Drupal 8.7 has been dropped #649
Assets 2
Loading