Access to
admin/content/types/story depends on the administer content types permission, but access to
admin/content/types/story/access on the administer nodes permission. This means that some users may have access to the latter, but they won't find it because they're denied access to the former.

Or worse, the administrator thinks he has blocked access to
Administer » Content management » Content types » Xxx » Access control
by removing the administer content types permission, but it's still accessible to those who know the path.

This

        $items[] = array(
          'path' => 'admin/content/types/'. arg(3) .'/access',
          'title' => t('Access control'),
          'description' => t('Configure content access control.'),
          'callback' => 'drupal_get_form',
          'callback arguments' => array('content_access_admin_settings', $type),
          'access' => user_access('administer nodes'),
          'type' => MENU_LOCAL_TASK,
          'weight' => 2,
        );

in content_access_menu() should probably be changed to also check administer content types.

CommentFileSizeAuthor
content_access.20070815.patch.txt829 bytessalvis
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

fago’s picture

Status: Needs review » Fixed

thanks, committed.

Anonymous’s picture

Status: Fixed » Closed (fixed)