Hey,

When giving other users permissions to create a new calendar node (in this case, machine name of the content type is event), the permission checks are failing for adding new "events".

Here are the offending lines:

fullcalendar_view.theme.inc

if (!empty($user) && $user->hasPermission("create $event_bundle_type " . strtolower($entity_type->getLabel()))) {

So $entity_type->getLabel() is returning "Content".

Hence, the permission being checked against is "create event Content" when it should be "create event content"

Similar permissions issue in CalendarEventController.php

if (!empty($user) && $user->hasPermission("create $type " . $entity_id)) {

I believe it should be
if (!empty($user) && $user->hasPermission("create $type content")) {

Attached a patch.

Cheers.


Comments

Andrew211 created an issue. See original summary.

Andrew211’s picture

Title: Permissions Issues - Add event doesn't show on calendar from end despite giving user permissions to create events » Permissions Issues - Add event doesn't show on calendar front end despite giving user permissions to create events
Mingsong’s picture

Hi Andrew,

You are right, it is a bug indeed.

There is just a minor issue with your patch #2.

Since we have to deal with all entities other than node entity, we can't hardcode the permission name as "create $type content".

So I am uploading a new patch that can, in theory, deal with other entity types.

Mingsong’s picture

Status: Active » Needs review

  • Mingsong committed 57e2e5d on 8.x-2.x
    Issue #3018138 by Andrew211, Mingsong: Permissions Issues - Add event...
dimas2009’s picture

Hi Mingsong,

I faced another problem here. If a user has a language different from English (Russian in my case), then $entity_type->getLabel() is translated and thus access is not granted: "create $type Содержимое"

jotwede’s picture

I had the same problem as dimas2009: if the language setting is not "English" (in my case it was German), then double-click and the "Add event" link only worked for admins.

I'd suggest replacing the calls to
$getLabel()
by
$getGroup()
both in CalendarEventController.php and in fullcalendar_view.theme.inc.

getGroup() gives the machine name back ... In this case the strtolower call won't be necessary.
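
An added example, not part of the original thread or the module's code: a heuristic Python check that flags hasPermission() calls whose permission name is built from display text such as getLabel(), the pattern that failed here first on capitalisation and then on translation. The list of label-returning calls and the fourth sample line are assumptions of this example.

```python
import re

# Calls whose return value is display text (capitalised, translated per user
# language), so it must not feed a permission machine name.
# Heuristic list assumed for this example, not an exhaustive Drupal inventory.
LABEL_CALLS = re.compile(r"->\s*(?:getLabel|label)\s*\(|(?<![\w>])t\s*\(|->\s*t\s*\(")


def call_argument(source, open_paren):
    """Return the text between the parenthesis at open_paren and its match.

    Limitation: parentheses inside PHP string literals are counted too.
    """
    depth = 0
    for i in range(open_paren, len(source)):
        if source[i] == "(":
            depth += 1
        elif source[i] == ")":
            depth -= 1
            if depth == 0:
                return source[open_paren + 1:i]
    return source[open_paren + 1:]  # unbalanced input: take the rest


def find_label_based_checks(php_source):
    """List (line_number, argument) for hasPermission() calls built from labels."""
    findings = []
    for match in re.finditer(r"hasPermission\s*\(", php_source):
        argument = call_argument(php_source, match.end() - 1)
        if LABEL_CALLS.search(argument):
            line_number = php_source.count("\n", 0, match.start()) + 1
            findings.append((line_number, argument.strip()))
    return findings


# Constructed sample: lines 1-3 are the checks quoted in this thread, line 4 is
# an assumed rendering of the getGroup() suggestion.
SAMPLE = '''if (!empty($user) && $user->hasPermission("create $event_bundle_type " . strtolower($entity_type->getLabel()))) {
if (!empty($user) && $user->hasPermission("create $type " . $entity_id)) {
if (!empty($user) && $user->hasPermission("create $type content")) {
if (!empty($user) && $user->hasPermission("create $type " . $entity_type->getGroup())) {
'''

if __name__ == "__main__":
    for line_number, argument in find_label_based_checks(SAMPLE):
        print(f"line {line_number}: permission name built from display text: {argument}")
```

Only the first sample line is reported; the strtolower() wrapper does not clear it, because lowercasing a translated label still yields a string that matches no defined permission.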

  • Mingsong authored 4104847 on 8.x-2.x
    Issue #3018138 by Andrew211, Mingsong, jotwede: Permissions Issues - Add...
Mingsong’s picture

Thanks all for testing.

I believe I fixed it for all languages with the latest dev version.

If you could test it with the latest dev version for me, that would be great.

Thanks again.

DamienMcKenna’s picture

Status: Needs review » Fixed

(marking the issue "fixed" per the normal issue workflow)

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.