| [03:35:53] | <RUros[m]> | Hi, today i figured that i cannot upload larger files. I tried to upload picture (.jpg) which was 1,5MB large. Page returned with "Oops, something went wrong. Check your browser's developer console for more details. ". Then I resized picture to around 400 kB and upload was successful. I searched for some kind of parameter for max upload size in settings.php but cannot find anything familiar. |
| [03:36:33] | <RUros[m]> | In general for pictures i could use drupal module for resizing, but what for other files ? |
| [03:39:02] | <RUros[m]> | In settings.php i searched for "max_upload_size (and related: max_post_size)" but unsuccessful. Should these parameters be added manually ? |
| [04:44:32] | <RUros[m]> | And I have also made another observation, where i cannot say if I set it properly: I created new user let's say "user 1", where i want to set permision so it can view all assets, but only edit those who are owned by him (user 1). So I set new role with checked permissions. But what happens: If asset is created by other users (like admin user) and ownership in meta is set to "user 1", then "user 1" can view asset but cannot edit it. But if |
| [04:44:32] | <RUros[m]> | asset is created by "user 1" then "user 1" can also edit it. |
| [04:46:21] | <RUros[m]> | s/if/what/, s/I/is/, s/set it properly/wrong/ |
| [04:47:39] | <RUros[m]> | My understanding is that parameter "Owners" in Meta tab defines this. But like seems this not work in that way. Did I miss something ? |
| [04:50:28] | <RUros[m]> | So conclusion: if asset is created by antoher user, then "user 1" cannot edit it, although owner is set to "user 1" in meta tab of this asset. |
| [05:20:28] | <symbioquine[m]> | <RUros[m]> "Hi, today i figured that i..." <- If you're still using NGINX, you probably need to set `client_max_body_size 20M;` (or whatever the desired max size is if 20 MB is to large/small) |
| [05:20:52] | <symbioquine[m]> | https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body... |
| [05:22:16] | <symbioquine[m]> | <RUros[m]> "And I have also made another..." <- What groups are you assigning to your users? i.e. `farm_manager`, `farm_viewer`, etc? |
| [05:22:35] | <symbioquine[m]> | https://farmos.org/guide/people/ |
| [06:46:36] | <RUros[m]> | for "user 1" assigned role is Viewer (managed) and additional role which i created where i am allowing certain assets to do: create asset, update own asset, delete own asset. |
| [06:50:27] | <symbioquine[m]> | <RUros[m]> "So conclusion: if asset is..." <- I think you'd have to write some custom code to control whether users with your group can edit assets where they are the owner. I don't think that comes out-of-the-box with farmOS... |
| [06:52:00] | <mstenta[m]> | RUros: yes unfortunately the "edit own asset" permission is not related to the "owner" field :-/ |
| [06:52:25] | <mstenta[m]> | The former is a standard Drupal perm related to the original author of the entity |
| [06:52:43] | <mstenta[m]> | The latter is a field specific to farmOS |
| [06:53:05] | <mstenta[m]> | We need to disambiguate that and add more perms for the owner field I agree |
| [06:54:20] | <mstenta[m]> | Perhaps it would be worth changing "edit own asset" to "edit authored asset" or something like that |
| [06:54:47] | <RUros[m]> | ok, thank you for explanation. Yes, maybe it is a little confusing 🙈 |
| [06:55:08] | <mstenta[m]> | Yes it is |
| [06:59:18] | <RUros[m]> | So my "user 1" must be the creator of an asset to be able to edit it, right ? What can I do if already have assets, but were not created by him ? |
| [07:11:46] | <symbioquine[m]> | Some interesting references. still trying to wrap my head around this...... (full message at <https://matrix.org/oftc/media/v1/media/download/Ach2i-8prFK6ejZs7mIOh5E3...) |
| [07:13:00] | <symbioquine[m]> | So I think I'm understanding that the comment in �A� is referring to the "owner" base field added at �B�, not the "owner" field added in �C�... |
| [07:13:39] | <symbioquine[m]> | What I don't see is why those can both be added with apparently the same name 🧐 |
| [07:14:15] | <symbioquine[m]> | (Maybe a dumb question, I might just need more tea to see it... 😅) |
| [07:14:53] | <symbioquine[m]> | * So I think I'm understanding that the comment in �A� is referring to the "owner" base field added at �B� (by the code in �D�), not the "owner" field added in �C�... |
| [07:42:29] | <mstenta[m]> | Not a dumb question... it's super confusing |
| [07:42:40] | <mstenta[m]> | There are two base fields: �uid� and �owner� |
| [07:43:42] | <mstenta[m]> | �uid� is the "owner" from Drupal's perspective, aka author, �owner� is the one we added to represent "asset/log ownership" |
| [07:43:45] | <symbioquine[m]> | I see the �uid� one here: https://github.com/farmOS/farmOS/blob/f8eccce1e4f90f853029366dd0aa1eaa30... |
| [07:44:19] | <mstenta[m]> | Here is the link: https://github.com/farmOS/farmOS/blob/f8eccce1e4f90f853029366dd0aa1eaa30... |
| [07:45:13] | <symbioquine[m]> | Ah, so that creates the mapping that �D� is pulling from when it creates the "owner" (author) base field. |
| [07:45:22] | <mstenta[m]> | Yep |
| [07:45:50] | <mstenta[m]> | If we take away the �owner� field that farmOS added, we would still be left with A, B, and D |
| [07:45:56] | <symbioquine[m]> | Whereas �C� doesn't do any mapping and actually creates a field with the key of literally �owner� |
| [07:46:05] | <mstenta[m]> | Exactly |
| [07:46:19] | <symbioquine[m]> | 🤦♂️ |
| [07:46:42] | <mstenta[m]> | We chose to call �owner� "Owner" because it makes more sense from a user's perspective |
| [07:46:50] | <symbioquine[m]> | Thanks for walking me through that. |
| [07:46:52] | <mstenta[m]> | IMO Drupal's "owner" should be "author" |
| [07:47:54] | <mstenta[m]> | All of this is hidden in the code, and the only place it really reveals itself to site admins/users is in the permissions |
| [07:48:02] | <mstenta[m]> | (and the ambiguity of the word "own") |
| [07:48:17] | <mstenta[m]> | In the permissions, "own" means "author" |
| [07:49:01] | <mstenta[m]> | We could try to disambiguate by changing the permission names |
| [07:49:24] | <mstenta[m]> | But it would probably mean overriding/replacing a bunch of core code |
| [07:51:08] | <mstenta[m]> | And it would be a breaking change |
| [07:51:55] | <mstenta[m]> | I would love to figure out a plan though... it's been in the back of my mind for a long time |
| [07:52:44] | <symbioquine[m]> | Could just be a matter of documenting that under development and linking to it from some strategic comments in the source. |
| [07:52:47] | <mstenta[m]> | We don't really use �uid� for anything... it's mostly just there as a way of tracking who the original author was. |
| [07:52:57] | <mstenta[m]> | So maybe we can hijack the permissions and just rewire stuff to use �owner� instead |
| [07:53:34] | <symbioquine[m]> | mstenta[m]: It sounds like that would be in the direction of what RUros was trying to do. |
| [07:53:38] | <mstenta[m]> | But I imagine there is also a case for having permissions for the original author too |
| [07:54:04] | <mstenta[m]> | Yea agreed - I think that's what a normal person's expectation would be when they read "edit own assets" :-) |
| [07:54:58] | <mstenta[m]> | It would raise questions like: if I create an asset, and assign ownership to someone, can I still view/edit the asset? |
| [07:55:21] | <mstenta[m]> | (Hence why some extra "author" permissions may be necessary) |
| [07:56:56] | <symbioquine[m]> | Seems like we'd need to have some example use-cases for that sort of restricted permission in hand to say - and to say whether that needs to all be automatic or whether an admin can just come re-assign ownership if someone accidentally gives theirs away. |
| [07:57:53] | <mstenta[m]> | Yea |
| [07:58:37] | <mstenta[m]> | Maybe the first step is to review how the �EntityOwnerTrait� works and what it adds/does |
| [07:59:19] | <mstenta[m]> | This goes a bit beyond Drupal core too, FYI... the �entity� module (https://www.drupal.org/project/entity) is responsible for providing all the permissions for custom entity types IIRC |
| [07:59:29] | <mstenta[m]> | (It probably also looks for �EntityOwnerTrait�) |
| [08:07:44] | <mstenta[m]> | (Can we get an LLM to read this chat and start a forum topic for us? 😆) |
| [08:07:55] | <symbioquine[m]> | Ha |
| [08:08:13] | <symbioquine[m]> | I was thinking that we should copy it into a forum topic too |
| [08:20:43] | <mstenta[m]> | Tried duck.ai but it was crappy |
| [08:21:19] | <mstenta[m]> | https://farmos.discourse.group/t/permissions-and-ownership-confusion/2358 |
| [08:34:17] | <symbioquine[m]> | <mstenta[m]> "https://farmos.discourse.group/t..." <- Added an image version of this chat there too for (possibly) easier reading |
| [08:35:25] | <mstenta[m]> | Great! |