Unknown operations are allowed if user has edit access [#3209633]

Problem/Motivation

Any operation other than delete/update/view is not checked for in the access control handler. If a user has edit permissions then they also have permission to do any other operation due to the ternary.

Found when developing https://www.drupal.org/project/microcontent_revision_ui

Comment	File	Size	Author
#2	3209633-2.patch	3.66 KB	acbramley
#2	3209633-2-test-only.patch	1.02 KB	acbramley

Comments

Comment #1

19 April 2021 at 23:14

acbramley created an issue. See original summary.

Comment #2

acbramley commented 19 April 2021 at 23:15

Status:

Active

» Needs review

Status	File	Size
new	3209633-2-test-only.patch	1.02 KB
new	3209633-2.patch	3.66 KB

Comment #3

19 April 2021 at 23:52

larowlan committed 35d51bd on 8.x-1.x authored by acbramley

Issue #3209633 by acbramley: Unknown operations are allowed if user has...

Comment #4

larowlan

🇦🇺🏝.au GMT+10

commented 19 April 2021 at 23:53

Status:

Needs review

» Fixed

This will go out as beta6, thanks

Comment #5

3 May 2021 at 23:18

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Unknown operations are allowed if user has edit access

Problem/Motivation

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

News items

Our community

Documentation

Drupal code base

Governance of community