I would like to take advantage of the config override system we already have in place, in order to be able to: 1. lock a specific setting for multiple similar config files 2. disallow/override/remove a specific setting when it is an array value.

Use case: as an admin, I would like: - all user roles to have a specific permission, without anyone with access to the permissions page to be able to revoke it. - disallow a specific permission from any user role.

Consider this default example config file of the anonymous role:

    "_config_name": "user.role.anonymous",
    "name": "anonymous",
    "label": "Anonymous",
    "weight": "0",
    "permissions": [
        "access content",
        "access comments",
        "use text format filtered_html"
  • I can do $config['user.role.anonymous']['permissions'] = ...;, but if I wanted that override to cover all existing roles as well as any roles added in the future (for which I don't know the machine name beforehand), then something like $config['user.role.*']['permissions'] = ...; is not possible. In fact, I would like to exclude the admin role from that config override, so although supporting a wildcard * would be a good first step, eventually, I'd need to be able to specify a regex; something like $config['user.role.(?!admin)']['permissions'] = ...;
  • I can do something like $config['user.role.editor']['permissions'] = ...;, but because the permissions are an array within the json file, any value I add would override the entire permissions array. I would like a way to be able to:
    • specify a permission that would be added to the existing permissions in the array
    • specify a permission that would be "removed" if found in the array
GitHub Issue #: