Just found out anonymous user can access settings page: admin/settings/userpoints . I just skim through the code looks like it's a typo, this simple patch should fix it.

BTW: What's the use of USERPOINTS_PERM_USE? looks like it's not used anywhere. Is it for future work where certain users/roles can be exmpted from earning points?

CommentFileSizeAuthor
userpoints_acces_0.patch479 bytesdami

Comments

kbahey’s picture

kbahey commented
Version: 5.x-1.0 » master
Status: Needs review » Fixed

Committed to HEAD and 5.0-dev

Thanks

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)