Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I'd suggest that we need to introduce a new permission access users overview
that grants access to admin/people, similar to how node.module has a access content overview
permission. This allows for easier management without needing to grant the all powerful administer users permission, or knowing that the create user page is located at /admin/people.
Comments
Comment #1
mrfelton CreditAttribution: mrfelton commentedThis should work, but it's not in mysetup. Well, it works for admin/people/people, but not for admin/people.
Comment #2
mrfelton CreditAttribution: mrfelton commentedOops, here it is against a clean checkout (I had another patch applied when I created that)
Comment #3
mrfelton CreditAttribution: mrfelton commentedActually, this does work perfectly. My issue was because I also had admin_views installed. I resolved by adding the following to my own module:
Comment #4
kaizerking CreditAttribution: kaizerking commentedShould we apply this patch #2 or not?
Comment #5
mrfelton CreditAttribution: mrfelton commentedI think we might need an upgrade path - one that grants the new permission to all users that hav the administer users permission.
Comment #7
ptsimard CreditAttribution: ptsimard commentedHere is a a new patch combining #2 and including the hook in comment #3.
I think that hook should be included in administeruserbyroles and I'm using it with it patched in.
Sorry I have nothing to say at this time relating to the upgrade path issue.
Comment #8
sinasalek CreditAttribution: sinasalek commentedI thinks this is really essential patch, giving administer users permission is too much and can causes security issues.
However it does not seem to work for me.
Also there is another patch that has some overlapping with this one #1717876: Remove dependency on 'Administer users' permission
Comment #9
ptsimard CreditAttribution: ptsimard commentedOh yes, I forgot, I am using the https://www.drupal.org/project/user_settings_access refered in that issue by https://www.drupal.org/node/1717876#comment-8278033 to make this work. I think we should probably patch in what that tiny module does.
Comment #10
AdamPS CreditAttribution: AdamPS commentedComment #11
AdamPS CreditAttribution: AdamPS commentedI intend to fix this as part of #2378869: Meta-issue for Beta 2 release. Please sign up as a follower of that issue and there will shortly be a patch that I would like feedback on.
I have taken the patch from #2, with slight modifications. I test both the new permission and "Administer Users" which reduces issues with losing permission when the module is added. I have also added migration code.
I have not taken the patch from #3 as I don't use that module so can't test it. The code would likely need to be altered a little to work on top of the batch of changes I'm committing. If anyone does have interest in providing the modified patch, please raise as a separate issue as a feature request. I would need a patch based on the code after the beta2 release is published.
Comment #12
AdamPS CreditAttribution: AdamPS commentedComment #13
AdamPS CreditAttribution: AdamPS commentedFix now available in latest release