Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Two related bugs:
- The menu callback for creating a changeset uses the wrong permission check; it assumes you need "administer changesets" permission to create changesets, but that's actually just the default behavior. It should check the full entity access system instead.
- The link for adding a changeset does not do a permission check before being displayed, so sometimes it can be displayed to users who won't have access if they click on it.
Comment | File | Size | Author |
---|---|---|---|
#1 | cps-add-access-2456115-1.patch | 1020 bytes | David_Rothstein |
Comments
Comment #1
David_Rothstein CreditAttribution: David_Rothstein at Tag1 Consulting commentedHere is a patch.
Comment #3
merlinofchaos CreditAttribution: merlinofchaos commentedComment #6
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedTestbot weirdness.