fix/3.x 446 facets view update remove canioncal route #447
Conversation
Since this route is unlikly to need to be directly viewable.
Grants them the 'view directory facets' permission restoring directory facets after update to facets 3.0.1
|
Have been attempting to test. Both with and without the changes here I observe on a clean copy locally with demo content as user 1 empty directories channels with only the search box visible. Content appears to have installed and reference the channels with no errors apparent. |
|
@tonypaulbarker I found that on fresh installs the directory search index needs to be run via search api. |
|
@andybroomfield of course, that’s probably it. Thanks! |
|
The permission change appears to resolve the underlying issue tested on a fresh demo install. There doesn't seem to be a material change for anonymous users. They appear to get a 'page not found' response instead of 'access denied' when visiting, say /admin/content/directories/facets/5. I don't reckon that makes a whole lot of difference to performance in terms of logging and crawlers. There is a problem for editors, however and the answer to "Would anyone actually visit this page?" looks to be "yes": The website encountered an unexpected error. Try again later. Drupal\Core\Entity\Exception\UndefinedLinkTemplateException: No link template 'canonical' found for the 'localgov_directories_facets' entity type in Drupal\Core\Entity\EntityBase->toUrl() (line 211 of core/lib/Drupal/Core/Entity/EntityBase.php). Instead of the proposed changes could a role check for these routes work instead? I think we only care about accessing the facet for anonymous users? |
tonypaulbarker
left a comment
tonypaulbarker
left a comment
There was a problem hiding this comment.
We need to address the above error when adding or updating facets
Fix > Drupal\Core\Entity\Exception\UndefinedLinkTemplateException: > No link template 'canonical' found for the 'localgov_directories_facets Raised when saving entity. (Note: this only effects saving the facet, any call to $entity->toLink()->toRenderable() will fail because no canonical link is defined.
|
@tonypaulbarker I found the culprit to this was that we generate a logger entry when a facet is saved and add a link to view the entity, which is no longer there. I've updated so we link to edit it now. 
That allows facets to be edited and saved again. $entity->toLink()->toRenderable()will fail with a directory facet with this change, because no canonical route is defined, and this is the default returned. It looks like it's quite common to remove unwanted canonical routes from entities if there not meant to have user facing pages. Sounds like this needs a bit of discussion to go forward. Mean time we should recommend sites enable the view directory facets permission, even at the cost of the page being visible as otherwise they cannot upgrade to facets 2.0.10 or facets 3.0.1 and will have security warnings. We can then decide if it is this solution or the solution I implemented for Alert banner which we forward with. |
|
If we go ahead with this we should add a test? |
|
@tonypaulbarker testing again... once tested, if all OK, we're happy to go ahead and get this out asap so people don't lose their facets. |
tonypaulbarker
left a comment
tonypaulbarker
left a comment
There was a problem hiding this comment.
The add and edit issue looks resolved. Thanks @andybroomfield
Fix #446
What does this change?
Allow anonymous and authenticated users to view directory facets again, after the security update to facets 3.0.1 / 2.0.10
How to test
How can we measure success?
Directory facets are viewable again.
Have we considered potential risks?
Some sites might be using the directory facets canonical route.
Images
Before:
After:
Accessibility
n/a