Exported feature with roles not imported when loading module

Question

TLDR; I'd like to export the permissions I've added to the authenticated role, and have them appear on a different server when installing the custom module. However, when I install the module on a fresh server, the permissions for the authenticated user remain as default, but I can see in admin/config/development/features that there are pending changes, and once I import them the settings are correctly applied. Why aren't they applied on loading the module?

Steps to reproduce

First I log into a blank dev site, navigate to admin/people/permissions and add the Article: Create new content permission for the authenticated user (which I know is create article content from looking at the page source in my browser).

I now navigate to admin/config/development/features/edit and select Roles->Authenticate user (authenticated), pick a module name, enable Mark all config as required and click Download Archive.

The result is a module that contains 3 files:

my_module.features.yml

required: true

my_module.info.yml

name: 'my module'
type: module
core: 8.x
dependencies:
  - user

Since I'm using 9.0.7 I changed this to;

name: 'my module'
type: module
core_version_requirement: '^8 || ^9'
dependencies:
  - user

config/install/user.role.authenticated.yml

langcode: en
status: true
dependencies: {  }
id: authenticated
label: 'Authenticated user'
weight: 1
is_admin: false

For some reason Features didn't pick up my permission changes, so I changed this manually to;

langcode: en
status: true
dependencies: {  }
id: authenticated
label: 'Authenticated user'
weight: 1
is_admin: false
permissions:
  - 'create article content'

Now I tried to install the module by copying it to /modules/custom/my_module and running drush en my_module on a completely clean site. However, when I navigate to admin/people/permissions I see this:

When I go to admin/config/development/features/diff/my_module I can see that my features were correctly interpreted, just not applied:

If I now select Import Changes the permissions apply correctly. But why aren't they already applied, when the my_module module is clearly enabled?

I tried playing around with the weight value in user.role.authenticated.yml to no avail (I changed it to 9999 and -9999 but it didn't seem to have any impact).

The fact that I had to modify my user.role.authenticated.yml indicates that something has perhaps gone wrong at the export step, but I don't know enough about the features module to know if these events are related.

Answer 1

This is only a workaround. If leymannx or someone else come up with a better solution I'll mark it as the answer, but in the meantime I thought I'd provide my hack-around to get this working:

my_module.install

<?php

/**
 * @file
 *
 * Install functions for my_module
 */

use Drupal\user\Entity\Role;

/**
 * Implements hook_install().
 *
 * Perform actions to set up the site for this profile.
 *
 * @see system_install()
 */
function my_module_install() {
  $role_object = Role::load('authenticated');
  $role_object->grantPermission('create article content');
  $role_object->save();
}

This causes the permission to be correctly applied.

Answer 2

You need to un-exclude user permissions first.

Go to /admin/config/development/features > Select your bundle > (Tab) Configure Bundles > Alter (Configure) > Uncheck "Strip out user permissions."

Then recreate the feature.

---

I've also already been there. 😁

Answer 3

I would highly suggest you to stop using features and use drush instead You can easily export your config using drush cex -y (cex = config export) and import it using drush cim -y (cim = config import).