Issue #3445215 by narendraR, borisson_, mtift, mikelutz, smustgrave, Wim...

Issue #3445215 by narendraR, borisson_, mtift, mikelutz, smustgrave, Wim Leers, alexpott: Add validation constraints to user.role.*

core/modules/config/tests/src/Functional/ConfigDraggableListBuilderTest.php

@@ -59,16 +59,6 @@ public function testDraggableList(): void {
 
     $this->drupalGet('admin/people/roles');
     $this->assertSession()->responseContains('<td>' . Html::escape($role_name));
-
-    // Make sure that NULL weights do not break the list builder. Use the
-    // configuration API so that the value does not get type-casted according to
-    // the configuration schema.
-    \Drupal::configFactory()
-      ->getEditable('user.role.role_0')
-      ->set('weight', NULL)
-      ->save(TRUE);
-    $this->drupalGet('admin/people/roles');
-    $this->assertSession()->statusCodeEquals(200);
   }
 
 }

core/modules/jsonapi/tests/src/Functional/RoleTest.php

@@ -91,7 +91,7 @@ protected function getExpectedDocument() {
           'status' => TRUE,
           'dependencies' => [],
           'label' => 'Llama',
-          'is_admin' => NULL,
+          'is_admin' => FALSE,
           'permissions' => [],
           'drupal_internal__id' => 'llama',
         ],

core/modules/node/tests/src/Kernel/NodeAccessTestBase.php

@@ -58,8 +58,7 @@ protected function setUp(): void {
     $this->installSchema('node', 'node_access');
     $this->installEntitySchema('user');
     $this->installEntitySchema('node');
-    $this->installConfig('filter');
-    $this->installConfig('node');
+    $this->installConfig(['filter', 'node', 'user']);
 
     $this->accessHandler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
 

core/modules/user/config/schema/user.schema.yml

@@ -123,6 +123,8 @@ user.flood:
 user.role.*:
   type: config_entity
   label: 'User role settings'
+  constraints:
+    FullyValidatable: ~
   mapping:
     id:
       type: machine_name
@@ -143,6 +145,9 @@ user.role.*:
       sequence:
         type: string
         label: 'Permission'
+        constraints:
+          Callback:
+            callback: [\Drupal\user\Entity\Role, getAllValidPermissions]
 
 action.configuration.user_add_role_action:
   type: mapping

core/modules/user/src/Entity/Role.php

@@ -88,7 +88,7 @@ class Role extends ConfigEntityBase implements RoleInterface {
    *
    * @var bool
    */
-  protected $is_admin;
+  protected $is_admin = FALSE;
 
   /**
    * {@inheritdoc}
@@ -181,12 +181,11 @@ public static function postLoad(EntityStorageInterface $storage, array &$entitie
   public function preSave(EntityStorageInterface $storage) {
     parent::preSave($storage);
 
-    if (!isset($this->weight) && ($roles = $storage->loadMultiple())) {
+    if (!isset($this->weight)) {
       // Set a role weight to make this new role last.
-      $max = array_reduce($roles, function ($max, $role) {
-        return $max > $role->weight ? $max : $role->weight;
-      });
-      $this->weight = $max + 1;
+      $this->weight = array_reduce($storage->loadMultiple(), function ($max, $role) {
+        return $max > $role->weight ? $max : $role->weight + 1;
+      }, 0);
     }
 
     if (!$this->isSyncing() && $this->hasTrustedData()) {
@@ -265,4 +264,19 @@ public function onDependencyRemoval(array $dependencies) {
     return $changed;
   }
 
+  /**
+   * Returns all valid permissions.
+   *
+   * @return string[]
+   *   All possible valid permissions.
+   *
+   * @see \Drupal\user\PermissionHandler::getPermissions()
+   *
+   * @internal
+   * @todo Revisit in https://www.drupal.org/node/3446364
+   */
+  public static function getAllValidPermissions(): array {
+    return array_keys(\Drupal::service('user.permissions')->getPermissions());
+  }
+
 }

core/modules/user/src/RoleForm.php

@@ -2,6 +2,7 @@
 
 namespace Drupal\user;
 
+use Drupal\Core\Config\Entity\ConfigEntityStorage;
 use Drupal\Core\Entity\EntityForm;
 use Drupal\Core\Form\FormStateInterface;
 
@@ -32,7 +33,7 @@ public function form(array $form, FormStateInterface $form_state) {
       '#required' => TRUE,
       '#disabled' => !$entity->isNew(),
       '#size' => 30,
-      '#maxlength' => 64,
+      '#maxlength' => ConfigEntityStorage::MAX_ID_LENGTH,
       '#machine_name' => [
         'exists' => ['\Drupal\user\Entity\Role', 'load'],
       ],

core/modules/user/tests/src/Functional/Rest/RoleResourceTestBase.php

@@ -56,7 +56,7 @@ protected function getExpectedNormalizedEntity() {
       'dependencies' => [],
       'id' => 'llama',
       'label' => 'Llama',
-      'is_admin' => NULL,
+      'is_admin' => FALSE,
       'permissions' => [],
     ];
   }

core/modules/user/tests/src/Kernel/RoleValidationTest.php

@@ -25,6 +25,8 @@ class RoleValidationTest extends ConfigEntityValidationTestBase {
   protected function setUp(): void {
     parent::setUp();
 
+    $this->installConfig('user');
+
     $this->entity = Role::create([
       'id' => 'test',
       'label' => 'Test',

core/profiles/demo_umami/config/install/user.role.author.yml

@@ -24,7 +24,7 @@ dependencies:
 id: author
 label: Author
 weight: 3
-is_admin: null
+is_admin: false
 permissions:
   - 'access content overview'
   - 'access contextual links'

core/profiles/demo_umami/config/install/user.role.editor.yml

@@ -26,7 +26,7 @@ dependencies:
 id: editor
 label: Editor
 weight: 4
-is_admin: null
+is_admin: false
 permissions:
   - 'access administration pages'
   - 'access content overview'