Access to `admin/content/types/story` depends on the administer content types permission, but access to `admin/content/types/story/access` on the administer nodes permission. This means that some users may have access to the latter, but they won't find it because they're denied access to the former.

Or worse, the administrator thinks he has blocked access to Administer » Content management » Content types » Xxx » Access control by removing the administer content types permission, but it's still accessible to those who know the path.
This

```php
$items[] = array(
  'path' => 'admin/content/types/'. arg(3) .'/access',
  'title' => t('Access control'),
  'description' => t('Configure content access control.'),
  'callback' => 'drupal_get_form',
  'callback arguments' => array('content_access_admin_settings', $type),
  'access' => user_access('administer nodes'),
  'type' => MENU_LOCAL_TASK,
  'weight' => 2,
);
```

in `content_access_menu()` should probably be changed to also check administer content types.
| Comment | File | Size | Author |
|---|---|---|---|
| | content_access.20070815.patch.txt | 829 bytes | salvis |
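
The mismatch reported above can be checked mechanically. The following is an added example, not the module's code and not the committed patch: a standalone PHP model that flags child paths requiring less than their parent and shows direct-URL reachability before and after a fix. The helper names, the permission-list representation and the sample user are assumptions made for illustration.

```php
<?php
// Standalone model, no Drupal required. Each path maps to the permissions that must
// ALL be held (an assumption: Drupal 5 computes 'access' as a boolean in hook_menu()).

// Nearest registered ancestor of $path, or NULL if there is none.
function nearest_parent($path, array $items) {
  $parts = explode('/', $path);
  array_pop($parts);
  while ($parts) {
    $candidate = implode('/', $parts);
    if (isset($items[$candidate])) {
      return $candidate;
    }
    array_pop($parts);
  }
  return NULL;
}

// Child paths that do not require everything their parent requires.
function find_access_gaps(array $items) {
  $gaps = array();
  foreach ($items as $path => $required) {
    $parent = nearest_parent($path, $items);
    if ($parent !== NULL && ($missing = array_diff($items[$parent], $required))) {
      $gaps[$path] = array_values($missing);
    }
  }
  return $gaps;
}

// TRUE if a user holding $granted can open $path by typing the URL.
function can_reach($path, array $granted, array $items) {
  return !array_diff($items[$path], $granted);
}

// Constructed sample: the two paths from the report, before and after the fix.
$before = array(
  'admin/content/types/story' => array('administer content types'),
  'admin/content/types/story/access' => array('administer nodes'),
);
// Hypothetical fix; in hook_menu() this would read
// user_access('administer nodes') && user_access('administer content types').
$after = $before;
$after['admin/content/types/story/access'][] = 'administer content types';
$editor = array('administer nodes');  // constructed user, lacks 'administer content types'
foreach (array('before' => $before, 'after' => $after) as $label => $items) {
  $ok = can_reach('admin/content/types/story/access', $editor, $items);
  print "$label: gaps=" . json_encode(find_access_gaps($items)) . ' reachable=' . var_export($ok, TRUE) . "\n";
}
```

The same comparison can be run over any exported list of menu paths to find local tasks that are hidden in the UI but still reachable by URL.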
Comments
Comment #1
fago: thanks, committed.