Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If a user role doesn't have permission to use the akamai module it is still appearing in the configuration dropdown for all users. They're not able to access the page but it would be a better user experience if they just didn't see it.
This is in conjunction with admin_toolbar_links_access_filter
Comment | File | Size | Author |
---|---|---|---|
#7 | Selection_628.png | 8.69 KB | schiavone |
#7 | akamai-menu-links-appearing-3128033-7.patch | 681 bytes | schiavone |
#2 | akamai-menu-links-appearing-3128033-2.patch | 1.09 KB | smustgrave |
|
Issue fork akamai-3128033
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
smustgrave CreditAttribution: smustgrave commentedComment #3
smustgrave CreditAttribution: smustgrave commentedComment #4
WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commented@smustgrave,
I'm trying to understand what exactly is happening here. Why does renaming the menu link impact this? Is it something admin_toolbar is looking for, or is it something else in core? I don't have a dev instance running right in front of me at the moment so I can't test right this second, but it's not immediately obvious to me how this fixes the issue.
I'm totally fine with the change, I'm just trying to figure out what this actually does.
Comment #5
smustgrave CreditAttribution: smustgrave commentedIt's something to do with naming convention. This wasn't a big issue but we had users who did not have access to use the module seeing the module appear on the configuration page.
Comment #6
smustgrave CreditAttribution: smustgrave commentedSorry for the delay.
I believe the issue was because the route_name and link names didn't match. It was at first flagged by our team has a security risk. Because users without the proper role had Akamai settings as an option in their menu but luckily they never could actually access it. But as a better user experience we did want to hide it.
Comment #7
schiavone CreditAttribution: schiavone at CivicActions for Centers for Medicare and Medicaid Services commentedHere's a Drupal 9 version of the patch.
Before patching the admin menu does not contain the Akamai menu item. After the patch the admin menu included a /Config/Akamai link and links for Akamai Cache Clear and Akamai Settings under the Akamai menu item.
Comment #9
WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commentedSo I spent some time digging into this and the solutions in #2 and #7 aren't the correct approach. The issue is that the akamai.routing.yml file had this permission requirement: "access administration pages". So I've switched it to "administer akamai+purge akamai cache" to check for either of the relevant permissions.
I've also taken the opportunity of this issue to cleanup some other stuff related to permissions.
Comment #12
WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commentedComment #13
WidgetsBurritos CreditAttribution: WidgetsBurritos at Rackspace commented