Problem/Motivation

Currently, the "administer {homebox_type} preset" permission is not used for the routing.yml preset routes. Instead, all preset routes in the routing.yml are using "administer homebox types".

Furthermore, it seems that the "HomeboxTypeAccessControlHandler" is missing quite a few operations to access check for. And some of them, like the "entity.homebox.set_default_preset" seems to be implemented in both the "HomeboxTypeAccessControlHandler" and in the routing.yml. Here the routing.yml implementation seems to be favored, which uses the incorrect "administer homebox types" permission.

Steps to reproduce

Proposed resolution

Adjust both the HomeboxTypeAccessControlHandler and the routing.yml to define the right access control without defining duplicate entries.

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork homebox-3439368

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Grevil created an issue. See original summary.

grevil’s picture

grevil commented
Title: The "administer {homebox_type} preset" is not in use » The "administer {homebox_type} preset" permission is not in use
grevil’s picture

grevil commented
Title: The "administer {homebox_type} preset" permission is not in use » The "administer {homebox_type} preset" permission is not used for the routing.yml preset routes
Issue summary: View changes

Note, that this currently doesn't have any major security implications.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Assigned: Unassigned » grevil
Priority: Normal » Minor

Let's also fix this now. Minor as of #3

Grevil opened merge request !43

grevil’s picture

grevil commented
Status: Active » Needs work

Almost finished, will finalize it tomorrow, test fails.

grevil’s picture

grevil commented
Assigned: grevil » Unassigned
Status: Needs work » Needs review

Done! All tests should be green now! :)

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Status: Needs review » Reviewed & tested by the community

Well done, LGTM!

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Status: Reviewed & tested by the community » Fixed

  • Anybody committed b6ba634a on 3.0.x authored by Grevil 
    Issue #3439368 by Grevil, Anybody: The "administer {homebox_type} preset...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.