Permissions defined by modules in Drupal are usually given short names, in plain ASCII-96. Using anything else, like entities, requires caution...
For the upcoming customer support / helpdesk module for a future site, I had defined a set of permissions with names including the >
character, in the
hook_perm
function of the new module.
Such perms appear properly on the admin/access
page in Drupal,
just as expected. But visually, there is no way to store them:
although they can be checked, and Save permissions
claims the permissions are indeed saved, at the next display of the same page,
they're gone. What the heck ?
A quick look at the permission
table shows that the
permissions are indeed inserted in the
perm
field for the chosen rid
(role identifiers).
Debugging
user.module#user_admin_perm()
shows that the permissions are retrieved properly, but the match
tested to define the checkbox status fails. The code is as follows:
What has happened ?
Further examination of the permission
table shows that the entity has been stored decoded (i.e. as >
) instead of being stored as in the module (i.e. as >
). So the test performed by strstr
fails, quite logically, because it matches a decoded string against an encoded one.
What is one to do when using Drupal 4.6.3 ? A chat on the developer's channel suggests permissions should only be given simple english names, made up of plain ASCII alphabetic characters without HTML entities.
For most cases, just supplying the permission in hook_perm
using the decoded entity will be the simplest option if the unusual name
is to remain, but it may not be simple to type : Think about using
 
to avoid word wrap in the permission name.
Do you know how to type this in your favorite text editor ?
It can appear as Â
because its UTF-8 representation
is 0xC2C0
, where C2
happens to be the
iso-8859-1
value for Â
.
Luckily, for >
, the simple >
can be used.
Another option would be to patch user.module
,
by testing against html_entity_decode($role_permissions[$rid])
instead of testing against just $role_permissions[$rid]
.
But as the core is currently mostly frozen until 4.7 comes out,
this will have to be a site-local patch, and there might be a better
solution in the wings.
Till next time...
Tagged for drupal, permissions, and html entities in Technorati.