| [22:57:32] | <symbioquine[m]> | �ACTION uploaded an image: (368KiB) < https://libera.ems.host/_matrix/media/r0/download/matrix.org/ShkzBiiXPlF... >� |
| [23:13:44] | <paul121[m]> | Nice!! |
| [23:13:54] | <paul121[m]> | Next up, the cost of food being parsed from the receipt image? ;-) |
| [23:15:12] | <paul121[m]> | Still haven't tried out asset link myself :-( but I'm very eager to |
| [11:53:56] | <mstenta[m]> | @room farmOS dev call in ~6 minutes: https://meet.jit.si/farmos-dev |
| [14:53:39] | <symbioquine[m]> | I seem to be running into an issue where normal "Manager" users don't have permission to do file uploads via the API... is that expected? |
| [14:54:04] | <symbioquine[m]> | My code is similar to [flow #2](https://www.drupal.org/node/3024331). |
| [14:54:33] | <symbioquine[m]> | It works as the administrator user though. |
| [14:55:32] | <symbioquine[m]> | Error is... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/b559529f0a...) |
| [15:05:16] | <mstenta[m]> | Huh no that is not expected |
| [15:05:36] | <symbioquine[m]> | Looks like other folks might have run into something similar: https://drupal.stackexchange.com/questions/301117/uploading-an-image-wit... |
| [15:07:29] | <symbioquine[m]> | Unfortunately, it would be pretty limiting to use [flow #1](https://www.drupal.org/node/3024331) because it wouldn't work as part of entity creation (only updates) |
| [15:16:06] | <paul121[m]> | oh dang. do we not grant the `create asset` permission via managed roles? Instead we only grant the granular `create {type} asset` ? |
| [15:16:26] | <symbioquine[m]> | paul121[m]: I think that's correct |
| [15:16:51] | <symbioquine[m]> | Actually `create asset` doesn't even show up in the list of permissions for some reason... |
| [15:19:30] | <mstenta[m]> | Wait what would `create asset` perm be for? |
| [15:20:01] | <symbioquine[m]> | �ACTION uploaded an image: (4KiB) < https://libera.ems.host/_matrix/media/r0/download/matrix.org/dYSMmTbOzpt... >� |
| [15:20:02] | <paul121[m]> | It would be more like `create any asset`, but yeah that doesn't seem to exist |
| [15:20:08] | <mstenta[m]> | (Sorry on my phone waiting to pick up kids) |
| [15:20:28] | <symbioquine[m]> | np 😁 |
| [15:20:28] | <mstenta[m]> | But why? |
| [15:20:40] | <mstenta[m]> | Isnt it a file you want to create? |
| [15:21:04] | <paul121[m]> | > POST /jsonapi/node/article/field_image |
| [15:21:04] | <paul121[m]> | So they should be able to get the bundle *I think*... the POST includes entity type and bundle |
| [15:22:26] | <symbioquine[m]> | mstenta[m]: Yeah, it seems odd |
| [15:22:45] | <paul121[m]> | mstenta[m]: it's a file you want to create, but iirc each file field has the storage location configured to it. This could be different per bundle. So it kinda makes sense there is a permission check here |
| [15:23:14] | <paul121[m]> | otherwise people could create files in the private/public directory structure where you don't want them to? maybe? |
| [15:23:25] | <mstenta[m]> | Yea but wouldnt that check be for "updating own asset"? |
| [15:23:55] | <mstenta[m]> | (In addition to allowing file creation I imagine) |
| [15:24:28] | <mstenta[m]> | (Sorry maybe you're talking about creating an asset not updating one) |
| [15:24:32] | <symbioquine[m]> | Either one |
| [15:26:02] | <symbioquine[m]> | The nice thing about flow #2 is that you post to `/api/asset/animal/image` without needing to specify the animal asset that the file will get related to |
| [15:26:51] | <symbioquine[m]> | Then make a second request with the resulting `file--file` id to add the relationship to an existing `asset--animal` record, or include it in a new `asset-animal` record. |
| [15:27:35] | <symbioquine[m]> | The first request doesn't know how the resulting file will be used other than that it will be used in the specified relationship field. |
| [15:31:02] | <paul121[m]> | hmm. well I think this is the relevant source: |
| [15:31:02] | <paul121[m]> | https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/modules/json... |
| [15:31:02] | <paul121[m]> | https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/modules/json... |
| [15:31:57] | <paul121[m]> | it seems odd that the error says "permissions are required: .... OR ..." ... this line seems to do a `$access_result->andIf()` check, which isn't OR? |
| [15:31:57] | <paul121[m]> | https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/modules/json... |
| [15:33:10] | <paul121[m]> | I believe the `fieldAccess('edit'..)` call is what gets the `administer assets` permission. Not 100% sure tho... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/16c159ffd8...) |
| [15:34:18] | <symbioquine[m]> | It seems like that code is trying to do a bundle-specific check: https://git.drupalcode.org/project/drupal/-/blob/ecbe3ad37c7648205c6d082... |
| [15:34:47] | <symbioquine[m]> | I guess I should add some logging in there and see what some of those values are... |
| [15:38:30] | <paul121[m]> | ah yes. but this is a base field! not a bundle field |
| [15:38:30] | <paul121[m]> | > // Base fields do not have target bundles. |
| [15:38:38] | <paul121[m]> | maybe that is part of the issue? hmm |
| [15:52:31] | <paul121[m]> | * I believe the `fieldAccess('edit'..)` call is what gets the `administer assets` permission. Not 100% sure tho... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/a22eea7eb7...) |
| [15:52:39] | <paul121[m]> | * ~I believe the `fieldAccess('edit'..)` call is what gets the `administer assets` permission. Not 100% sure tho~... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/5fc53b78f9...) |
| [15:52:43] | <symbioquine[m]> | `$entity` and `$bundle` are both `NULL`. |
| [15:52:58] | <symbioquine[m]> | `$field_definition` is `Drupal\Core\Field\BaseFieldDefinition Object ( [type:protected] => image [propertyDefinitions:protected] => [schema:protected] => [indexes:protected] => Array ( ) [itemDefinition:protected] => Drupal\Core\Field\TypedData\FieldItemDataDefinition Object ( [fieldDefinition:protected] => Drupal\... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/d8121ef009...) |
| [15:54:01] | <paul121[m]> | This looks suspicious in the `drupal/entity` module. It has the `or` for both `administer {type}` and `create {type}` permissions: |
| [15:54:01] | <paul121[m]> | https://git.drupalcode.org/project/entity/-/blob/8.x-1.x/src/EntityAcces... |
| [15:54:42] | <paul121[m]> | this might be a wild chase of entity access control handlers... which can be implemented in different classes, react to hooks, and alter hooks. so debugger will be necessary :-) |
| [15:55:23] | <paul121[m]> | give the the `$bundle` is `NULL`... this might be the issue? |
| [15:56:05] | <symbioquine[m]> | Yeah, I think `$bundle` being `NULL` just validates what you said about the image being a base field. |
| [15:56:45] | <paul121[m]> | If you turn on field_ui and make a �bundle� file field I bet it will work! |
| [15:57:16] | <symbioquine[m]> | Hmmm, I'm skeptical... |
| [15:57:42] | <symbioquine[m]> | Wouldn't I also have to add an extra permission in that case too? |
| [15:57:53] | <symbioquine[m]> | oh |
| [15:57:59] | <symbioquine[m]> | I see |
| [15:58:25] | <symbioquine[m]> | You're hoping to cause it to line up with the existing `create animal asset` permissions that we already grant? |
| [15:58:49] | <symbioquine[m]> | (as part of the `farm_manager` role that is) |
| [15:59:46] | <paul121[m]> | yep! |
| [16:04:02] | * sandrajude[m] has joined #farmos |
| [16:16:28] | <symbioquine[m]> | I agree that would probably make it work, but I'm not sure it's that important of a hypothesis to test since we're not actually contemplating making the image/file fields into bundle fields right? |
| [16:17:04] | <symbioquine[m]> | I guess I'm more interested in what a reasonable path forward for the fields we actually have is... |
| [16:17:43] | <symbioquine[m]> | It seems like that access check is probably pretty reasonable as a default for Drupal core. |
| [16:18:43] | <symbioquine[m]> | farmOS is doing something special beyond that by breaking down the create/update/delete permissions by asset/log bundle right? |
| [16:19:04] | <paul121[m]> | Yeah I agree. The thing is Drupal core doesn't really have the "bundle permissions" itself... that's via the `entity` module :-/ |
| [16:19:06] | <paul121[m]> | yeah right |
| [16:19:46] | <symbioquine[m]> | So naively, that makes me think we need a access control handler which says "oh right, you have permission to create animal assets, so you should be allowed to create file/image entities related to them" |
| [16:22:54] | <paul121[m]> | Yeah |
| [16:23:09] | <paul121[m]> | only a matter of how... :D |
| [16:28:20] | <paul121[m]> | `$entity_access_control_handler->createAccess();` accepts a `$context` array, but nothing is provided here. Maybe that could be used. |
| [16:28:20] | <paul121[m]> | https://git.drupalcode.org/project/drupal/-/blob/ecbe3ad37c7648205c6d082... |
| [16:30:58] | <sandrajude[m]> | https://t.me/Etxcapital1 |
| [16:30:58] | <sandrajude[m]> | I'll 20 people on how to earn $10,000 or more in just 3day's from the crypto market.but you will pay me 10% commission when you receive your profit. if interested send me a direct message, for more information... Contact via telegram |
| [16:30:58] | <sandrajude[m]> | https://t.me/Etxcapital1 |
| [16:32:11] | <symbioquine[m]> | ^ Reported as spam |
| [16:32:11] | * sandrajude[m] has left #farmos () |
| [16:32:42] | <mstenta[m]> | banned! |
| [16:32:54] | <symbioquine[m]> | Yeah, I think both are helpful |
| [16:36:40] | <symbioquine[m]> | Fortunately, `$field_access_result` is getting set to `Drupal\Core\Access\AccessResultAllowed` |
| [16:37:03] | <symbioquine[m]> | So we only need to figure out how to get that `$entity_access_result` to pass |
| [16:37:31] | <symbioquine[m]> | Right now it's `Drupal\Core\Access\AccessResultNeutral Object ( [reason:protected] => The following permissions are required: 'administer assets' OR 'create asset'. [cacheContexts:protected] => Array ( [0] => user.permissions ) [cacheTags:protected] => Array ( ) [cacheMaxAge:protected] => -1 )` |
| [16:46:04] | <paul121[m]> | hmm. I wonder if it would be okay to return TRUE if the user has any `create {bundle} asset` ?? 🤔 |
| [16:46:21] | <symbioquine[m]> | Couldn't we change [this](https://github.com/farmOS/farmOS/blob/b495cdb840bd0bc662c1c57205ebcec8f1...) to use a decorated access handler? |
| [16:47:18] | <paul121[m]> | if they don't, then it would be FALSE. And the `create asset` permission really shouldn't be used anywhere, this is quite the edge case where that permission string is being generated |
| [16:47:23] | <paul121[m]> | symbioquine[m]: yes exactly! |
| [16:49:06] | <paul121[m]> | $permissions = array_map(function ($bundle) { |
| [16:49:06] | <paul121[m]> | return "create $bundle asset"; |
| [16:49:06] | <paul121[m]> | }, $asset_bundles); |
| [16:49:06] | <paul121[m]> | $result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR'); |
| [16:49:18] | <paul121[m]> | * maybe this?... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/7fe044200f...) |
| [17:02:44] | <symbioquine[m]> | Having some network trouble right now... Once it comes back I'll see if I can get something like that working. |
| [17:18:01] | <symbioquine[m]> | Alternatively, I think it might be possible to implement [`hook_entity_create_access`](https://github.com/drupal/drupal/blob/ecbe3ad37c7648205c6d0825cff4108510...) and use the [`'entity_type_id'` field](https://github.com/drupal/drupal/blob/ecbe3ad37c7648205c6d0825cff4108510...) of the context... |
| [17:21:21] | <paul121[m]> | ah nice, implementing the hook might be better anyways! |
| [17:58:16] | <symbioquine[m]> | <paul121[m]> "ah nice, implementing the hook..." <- I realized the entity bundle is the part that's missing there... |
| [17:58:29] | <symbioquine[m]> | It could be hacked up something like this; |
| [17:58:53] | <symbioquine[m]> | �ACTION sent a php code block: https://libera.ems.host/_matrix/media/r0/download/libera.chat/f4977dda40...� |
| [17:59:23] | <symbioquine[m]> | Which seems to work, but there might be a better strategy than getting the bundle from the URL... |
| [18:00:18] | <symbioquine[m]> | * ```php... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/acf8783900...) |
| [18:14:53] | <paul121[m]> | nice. yes, are you familiar with Route Parameters? |
| [18:15:18] | <paul121[m]> | you should be able to get the route parameters object from Drupal::request() |
| [18:15:44] | <paul121[m]> | I think these jsonapi file routes are created here: https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/modules/json... |
| [18:16:19] | <paul121[m]> | and the "resource type" route param: https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/modules/json... |
| [18:18:00] | <paul121[m]> | not sure the best way to identify the "file upload routes" though... maybeee there is some other metadata about these routes you could use? |
| [18:18:12] | <paul121[m]> | if not just your regex! |
| [18:22:07] | <symbioquine[m]> | <paul121[m]> "nice. yes, are you familiar with..." <- Sounds similar to getting parameters from the route match interface. e.g. https://github.com/farmOS/farmOS/blob/04bf771d91cde8276b67090d2b97c4e455... |
| [18:22:47] | <paul121[m]> | yes I think so! |
| [19:02:18] | <symbioquine[m]> | This one's a bit stricter/cleaner;... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/d80a51b0a1...) |
| [19:03:15] | <symbioquine[m]> | * if (empty($entity_type_id) || empty($entity_bundle) || empty($route_match)) { |
| [19:04:25] | <symbioquine[m]> | * This one's a bit stricter/cleaner;... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/9b673109f0...) |
| [19:06:53] | <symbioquine[m]> | * This one's a bit stricter/cleaner;... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/84d57eeb15...) |
| [19:08:33] | <symbioquine[m]> | * This one's a bit stricter/cleaner;... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/a539684e42...) |
| [19:26:05] | <paul121[m]> | That looks great. Assuming it works too? |
