If a user role doesn't have permission to use the akamai module it is still appearing in the configuration dropdown for all users. They're not able to access the page but it would be a better user experience if they just didn't see it.

This is in conjunction with admin_toolbar_links_access_filter

CommentFileSizeAuthor
#7 Selection_628.png8.69 KBschiavone
#7 akamai-menu-links-appearing-3128033-7.patch681 bytesschiavone
#2 akamai-menu-links-appearing-3128033-2.patch1.09 KBsmustgrave

Issue fork akamai-3128033

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

smustgrave created an issue. See original summary.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave commented
FileSize
akamai-menu-links-appearing-3128033-2.patch1.09 KB
smustgrave’s picture

smustgrave CreditAttribution: smustgrave commented
Status: Active » Needs review
WidgetsBurritos’s picture

WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commented

@smustgrave,

I'm trying to understand what exactly is happening here. Why does renaming the menu link impact this? Is it something admin_toolbar is looking for, or is it something else in core? I don't have a dev instance running right in front of me at the moment so I can't test right this second, but it's not immediately obvious to me how this fixes the issue.

I'm totally fine with the change, I'm just trying to figure out what this actually does.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave commented

It's something to do with naming convention. This wasn't a big issue but we had users who did not have access to use the module seeing the module appear on the configuration page.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave commented

Sorry for the delay.

I believe the issue was because the route_name and link names didn't match. It was at first flagged by our team has a security risk. Because users without the proper role had Akamai settings as an option in their menu but luckily they never could actually access it. But as a better user experience we did want to hide it.

schiavone’s picture

schiavone CreditAttribution: schiavone at CivicActions for Centers for Medicare and Medicaid Services commented
FileSize
akamai-menu-links-appearing-3128033-7.patch681 bytes
Selection_628.png8.69 KB

Here's a Drupal 9 version of the patch.

Before patching the admin menu does not contain the Akamai menu item. After the patch the admin menu included a /Config/Akamai link and links for Akamai Cache Clear and Akamai Settings under the Akamai menu item.

Akamai in admin menu

WidgetsBurritos opened merge request !3

WidgetsBurritos’s picture

WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commented

So I spent some time digging into this and the solutions in #2 and #7 aren't the correct approach. The issue is that the akamai.routing.yml file had this permission requirement: "access administration pages". So I've switched it to "administer akamai+purge akamai cache" to check for either of the relevant permissions.

I've also taken the opportunity of this issue to cleanup some other stuff related to permissions.

WidgetsBurritos credited bighappyface.

WidgetsBurritos’s picture

WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commented
WidgetsBurritos’s picture

WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commented
Version: 8.x-3.0-alpha7 » 4.x-dev
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.