On the SCE test website (https://test-sce.web.cern.ch/), I have created 2 roles with specific permissions:
- “Access e-group” role that can see published content
- “Content editors” role that can create various content.
I followed the instructions described in Roles and permissions | Drupal @ CERN
I have added the appropriate e-group in the “automatic role population from simpleSAMLphp attributes”
On the 30/09, a colleague that is in the e-group SCE-DEP-D-P-General (role Access e-group) confirmed that she could access the site. Today, she does not have access, even though I did not modify anything.
My service account is in the e-group drupal-content-admin-sce (role Content editors) and I can access the site.
Do you know why the role Access e-group is not working anymore?
Anybody able to help me with this?
Whilst I am not familiar with your specific setup, I do note that you seem to have relied on the
SimpleSAMLphp module to achieve your desired functionality. Please be advised that this module has been retired on the new infrastructure for security reasons. It has been replaced by OpenID Connect (https://www.drupal.org/project/openid_connect).
I am a bit confused by your answer for 2 reasons:
The guide you followed is no longer valid (indeed, the whole drupal-tools website is scheduled for a major overhaul in light of the migration to OpenShift and subsequent upgrade to Drupal 9: We simply have not yet had the time to do so, however). Please see https://drupal-community.web.cern.ch/t/setup-authorization-access-to-drupal-site/1137 instead. We apologise for the inconvenience.
our SCE test website (https://test-sce.web.cern.ch/) does not appear in the list of projects in the OpenShift console.
Can I just add it myself by creating a new project?
The production website is running within the
I cannot immediately see your
test-sce website, however. How did you create this?
I created it to be my test website of the SCE-DEP website.
Is this a test website from the old infrastructure by any chance?
Can you confirm whether you created it through https://webservices-portal.web.cern.ch/ please?
I believe that I created it when I created the “official” SCE website.
I am pretty sure I created via CERN Web Services because I dont know any other way to do it
Is there any issues here?
We have been working hard in the last few weeks to migrate the content of the SMB website to the test SCE website and our plan is to clone the test SCE website to the SCE website. And this should happen tomorrow.
So if you foresee any issues with our plan, I would appreciate your help and guidance!
I am afraid this is not how you are supposed to do it.
As outlined here https://drupal-community.web.cern.ch/t/create-a-test-site/1345, https://drupal-community.web.cern.ch/t/create-a-drupal-9-clone/1346, and at https://drupal-tools.web.cern.ch/create-a-clone-or-test-website, creation of test and clone websites is done through the Webservices Portal https://webservices-portal.web.cern.ch/.
Creating a website like you have done, through the old infrastructure, means that your website is on the old infrastructure and not on OpenShift. This also means that you are unable to use the Upgrade Status report as outlined at https://drupal-tools.web.cern.ch/how-to-prepare-your-website-its-drupal-9-upgrade to confirm your progress and changes. This is further the reason why you cannot see it on OpenShift. You are unable to add it yourself.
If you can confirm that your
test-sce website has all the necessary changes to be compliant with Drupal 9 (though I am not sure how you can confirm this without the Upgrade Status report), we might be able to migrate first your test website to OpenShift and then clone to production, or possibly clone it directly on to your production site. This is by no means standard procedure, however.