Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
Currently the admin permission for the fragment_type entity is "administer site configuration". Not sure if this is done intentionally, but there is also an unused permission "administer fragment types" in the module.
Proposed resolution
It is probably better to use a custom "administer fragment types" permission instead of a generic permission "administer site configuration". Specially since it already exists :)
Release note snippet
In previous versions, the module used the administer site configuration permission to control access to administering fragments types. The module also included a permission "administer fragment types", but it didn't do anything. Please review your roles and make sure that any roles that need to be able to administer fragment types have the "administer fragment types" permission.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | 3267668-2.patch | 482 bytes | seanb |
Issue fork fragments-3267668
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #2
seanbPatch is attached.
Comment #4
eelkeblokThanks. I agree this must be an oversight. I was wondering if it would make sense to do an update hook, but given that the permission already exists, people may already be relying on it and auto-assigning it to roles that only have "administer site configuration" is probably a bad idea.
Added release notes snippet.
Comment #5
seanbYeah, also not sure if this is worth the update hook effort. I think creating new fragment types is something developers (or at least people with a lot of permissions) do most of the time anyway.
Comment #7
eelkeblok