Problem/Motivation

In \Drupal\group_action\Plugin\Action\GroupActionBase::access there are permission checks for any and own. But if both return false, the user could still have the admin permission for that permission provider inside the group. This is not about the global admin role outside the group, it is a special admin permission for the current type of relationships.

Proposed resolution

Add the check for the admin permission.

Issue fork group_action-3516855

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

jurgenhaas created an issue. See original summary.

jurgenhaas opened merge request !2

jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented
Status: Active » Needs review

  • jurgenhaas committed 7469f7cf on 1.0.x 
    Issue #3516855 by jurgenhaas: Access does not check for admin permission
mxh’s picture

mxh commented
Version: 1.2.0 » 1.0.x-dev
Status: Needs review » Fixed

Makes sense, thanks for reporting and providing an immediate fix.

jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented

My pleasure. Would you mind assigning issuecredits as well?

mxh’s picture

mxh commented

Sure. Weird that this doesn't get automatically detected. I now checked you in the credit list, let me know if that's not the right way or how to do it.

jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented

Thank you, that's now correct.

Issue credits have to be given manually by the maintainer. There had been automatic ways in the past, but they have been too easy to be gamed, so they have all been turned off.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.