Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Problem/Motivation
On the vocabularies page (/admin/structure/taxonomy
) the "add terms" operation is present without checking if the current used is able to add terms.
True, by default, if you are on that page you have administer taxonomy
permissions. The same permissions are needed to add terms (off-topic: this is bad!). But in the case a contrib module implements different access check for adding terms, this needs to be verified before adding the link in operations.
Proposed resolution
Fix it.
Remaining tasks
None.
User interface changes
None.
API changes
None.
Data model changes
None.
Comment | File | Size | Author |
---|---|---|---|
#6 | 2845021-6.patch | 1 KB | claudiu.cristea |
#2 | 2845021-2.patch | 1.01 KB | claudiu.cristea |
add_terms.png | 84.75 KB | claudiu.cristea |
Comments
Comment #2
claudiu.cristeaComment #4
claudiu.cristeaDuplicate of #2650898: ListBuilders do not check $entity->access() for operation links.
Comment #5
claudiu.cristeaComment #6
claudiu.cristeaReroll.
Comment #7
claudiu.cristea