I have a date field (birthdate) on my user entity. (required input)
I have 3 roles: Administrator (built-in), Profile Completed (custom), User administrator (custom)
I have configured the "birthdate" field so the "Profile Completed"-role can create/edit his/her own values, the "Administrator"-role can do everything, and the "User administrator"-role has no access whatsoever on the "birthdate" field.

For "Administrator"-role and "Profile Completed"-role everything works as expected.

For the "User administrator"-role you are required to complete the "birthdate" field when editing your own profile, when it is not even on the form...

Have I missed some configuration? Is this expected behaviour?

Comments

weseze created an issue. See original summary.

weseze’s picture

weseze CreditAttribution: weseze commented
Issue summary: View changes
jhedstrom’s picture

jhedstrom
Primary language English
Location Portland, OR
CreditAttribution: jhedstrom at Phase2 for Workday, Inc. commented
Status: Active » Closed (works as designed)

Unfortunately, any role marked as 'administrator' skips all access checks, so this module's code and permissions aren't even called:

From \Drupal\user\Entity\Role

  public function hasPermission($permission) {
    if ($this->isAdmin()) {
      return TRUE;
    }
    return in_array($permission, $this->permissions);
  }