From 90d534fce8fc571be58e1c78f43bd9c0428a3457 Mon Sep 17 00:00:00 2001
From: Lee Rowlands <lee.rowlands@previousnext.com.au>
Date: Mon, 20 Feb 2023 10:52:48 +1000
Subject: [PATCH] Issue #3039499 by alexpott, acbramley: Role permissions not
 sorted in config export

(cherry picked from commit 6b5efdc1169faf7cc85fbb085c5b80cf7ffb1a95)
---
 core/modules/user/config/schema/user.schema.yml    |  1 +
 core/modules/user/src/Entity/Role.php              |  6 ------
 .../user/tests/src/Kernel/UserRoleEntityTest.php   | 12 ++++++++++++
 core/modules/user/user.post_update.php             | 14 ++++++++++++++
 4 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/core/modules/user/config/schema/user.schema.yml b/core/modules/user/config/schema/user.schema.yml
index 99285373c3d1..b778163bf5c0 100644
--- a/core/modules/user/config/schema/user.schema.yml
+++ b/core/modules/user/config/schema/user.schema.yml
@@ -122,6 +122,7 @@ user.role.*:
     permissions:
       type: sequence
       label: 'Permissions'
+      orderby: value
       sequence:
         type: string
         label: 'Permission'
diff --git a/core/modules/user/src/Entity/Role.php b/core/modules/user/src/Entity/Role.php
index 7e38a43e5a2a..1219cef9ef18 100644
--- a/core/modules/user/src/Entity/Role.php
+++ b/core/modules/user/src/Entity/Role.php
@@ -185,12 +185,6 @@ public function preSave(EntityStorageInterface $storage) {
       });
       $this->weight = $max + 1;
     }
-
-    if (!$this->isSyncing()) {
-      // Permissions are always ordered alphabetically to avoid conflicts in the
-      // exported configuration.
-      sort($this->permissions);
-    }
   }
 
   /**
diff --git a/core/modules/user/tests/src/Kernel/UserRoleEntityTest.php b/core/modules/user/tests/src/Kernel/UserRoleEntityTest.php
index 492fdac20fae..c2d6b6d7ba29 100644
--- a/core/modules/user/tests/src/Kernel/UserRoleEntityTest.php
+++ b/core/modules/user/tests/src/Kernel/UserRoleEntityTest.php
@@ -45,4 +45,16 @@ public function testGrantingNonExistentPermission() {
       ->save();
   }
 
+  public function testPermissionRevokeAndConfigSync() {
+    $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);
+    $role->setSyncing(TRUE);
+    $role->grantPermission('a')
+      ->grantPermission('b')
+      ->grantPermission('c')
+      ->save();
+    $this->assertSame(['a', 'b', 'c'], $role->getPermissions());
+    $role->revokePermission('b')->save();
+    $this->assertSame(['a', 'c'], $role->getPermissions());
+  }
+
 }
diff --git a/core/modules/user/user.post_update.php b/core/modules/user/user.post_update.php
index f1b6da9bc9c1..e87f6ffcf392 100644
--- a/core/modules/user/user.post_update.php
+++ b/core/modules/user/user.post_update.php
@@ -5,6 +5,9 @@
  * Post update functions for User module.
  */
 
+use Drupal\Core\Config\Entity\ConfigEntityUpdater;
+use Drupal\user\Entity\Role;
+
 /**
  * Implements hook_removed_post_updates().
  */
@@ -14,3 +17,14 @@ function user_removed_post_updates() {
     'user_post_update_update_roles' => '10.0.0',
   ];
 }
+
+/**
+ * Ensure permissions stored in role configuration are sorted using the schema.
+ */
+function user_post_update_sort_permissions(&$sandbox = NULL) {
+  \Drupal::classResolver(ConfigEntityUpdater::class)->update($sandbox, 'user_role', function (Role $role) {
+    $permissions = $role->getPermissions();
+    sort($permissions);
+    return $permissions !== $role->getPermissions();
+  });
+}
-- 
GitLab