Limited permissions for custom content entities, no bundle perms

[betz]

Issue title

[standard] Limited permissions for custom content entities

Problem/Motivation

When creating a custom content entity, the permission are limited to the whole entity.
It would be nice if we could have a permission that limits on bundle.
Like 'Create new bundlexyz entity'

[jmolivas]

@betz Any link to the docs or a code snippet we can use to implement

[betz]

well, i just created a custom content entity called 'Booking' console.
on the permissions page i find:

• Create new Booking entities
• Delete Booking entities
• Delete all revisions
• Edit Booking entities
• Revert all Booking revisions
• View all Booking revisions
• View published Booking entities
• View unpublished Booking entities

Nothing about a bundle, like node has.

• Article: Create new content
• Article: Delete any content
• ...

[LOBsTerr]

As far as I see node module provides this functionality - to have specific permissions per content type. Node module also handles it a custom way. I'm not sure we want to have such complex case in the content entity generation command

[enzolutions]

I agree with @LOBsTerr closing this issue. feel free to request to reopen if you have a strong use case.

[clemens-tolboom]

I'm trying to get permission_granularity = "bundle" for my custom entity. AFAIK there is no documentation on what is needed.

Core bundle permissions

modules/taxonomy/src/Entity/Term.php
68: * permission_granularity = "bundle",

modules/node/src/Entity/Node.php
72: * permission_granularity = "bundle",

modules/media/src/Entity/Media.php
71: * permission_granularity = "bundle",

Contrib bundle permissions

Not sure how to find those apart from google which did not help.

Unfortunately https://www.drupal.org/project/examples has entity_type.

So please reopen :-)

[clemens-tolboom]

We need to copy ie core/modules/media/src/MediaAccessControlHandler.php

• Add switch --permission_granularity [bundle|entity_type] to command chain for EntityContentGenerator
• Adjust templates/module/src/accesscontrolhandler-entity-content.php.twig to generate fine grained permissions
• Add permission_granularity to templates/module/src/Entity/entity-content.php.twig

Guess I missed some steps

[jmolivas]

@enzolutions ^^

[clemens-tolboom]

• vendor/drupal/console/templates/module/src/Controller/entity-controller.php.twig has permissions too

[clemens-tolboom]

• Something similar to \Drupal\node\NodePermissions for when creating a new entityType it's permissions are made available too.
• this is called from core/modules/node/node.permissions.yml:27 permission_callbacks

Quite some work :-p

[clemens-tolboom]

I have now a WIP PR #4138 to indicate I'm working on it and get test results (if any).

[clemens-tolboom]

Hmmm ... not sure why my second commit is not added to the PR #4138. Anyone?

Guess it was a hickup as my 3rd commit triggered the PR

[enzolutions]

Let us know when is ready to test, we would like to include in Sep release 1.9.3

[clemens-tolboom]

I'll do my best. 3 tasks to check in #4138 :-)

[clemens-tolboom]

I removed WIP from #4138 as it looks OK to me. It does contain PR #4139

[clemens-tolboom]

@enzolutions please review my PR #4138 :)

[enzolutions]

Thanks, @clemens-tolboom we will check in a week-ish