Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Now anonymous user can see listing page, because he also has permission "view any {$entityTypeId} entities". Also I think we don't need show this page for users with perms: "view own {$entityTypeId} entities", because it's admin page. For this pages we have permissions "access {$entityTypeId} entity listing" and it should be enough.
Comment | File | Size | Author |
---|---|---|---|
#4 | eck-3050197-4.patch | 1.17 KB | Matroskeen |
| |||
#2 | anon_user_shouldnt_see_listing_page-3050197-2.patch | 475 bytes | dima.iluschenko |
Comments
Comment #2
dima.iluschenkoAttached a patch.
Comment #3
legolasbotests fail
Comment #4
MatroskeenI think the patch makes sense - view to the listing page should be controlled by "access {entity_type_id} entity listing" permission.
Here is a new one with test correction.
Let's see the test results.
Comment #6
MatroskeenCommitted to 8.x-1.x.
Thanks @dima.iluschenko, @legolasbo.