The Back-office Access Restriction module allows to deny access to specific administration pages even for users with permission to access them. This module is intended to be installed on production sites so that some sensitive pages can no more be accessed. Such pages could be:

  • Extend
  • Extend > Uninstall
  • People > Permissions

This module has no configuration page. And it should not! It is intended for developers that will need to edit their services.yml file.
By default the Extend page will return a 403 response but you can define any other specific route by providing the backoffice_access_restriction.routes service parameter in the sites/default/services.yml file.
Example:

parameters:
  backoffice_access_restriction.routes:
    - system.modules_list
    - system.modules_uninstall
    - user.admin_permissions

Back-office Access Restriction

git clone --branch 8.x-1.x https://git.drupal.org/project/back_office_access_restriction.git
cd back_office_access_restriction

I'm also a maintainer of the Admin Toolbar module.

Comments

romainj created an issue. See original summary.

romainj’s picture

Title: Back-office Access Restriction [D8] » [D8] Back-office Access Restriction
Deepthi kumari’s picture

Hi,
Fixed Coding Standard Errors. Applied the patch,needs review.

altagrade’s picture

I see the following error on https://pareview.sh/pareview/https-git.drupal.org-project-back_office_ac...

FILE: ...b/vendor/drupal/pareviewsh/pareview_temp/src/Routing/RoutesAlter.php
--------------------------------------------------------------------------
FOUND 3 ERRORS AFFECTING 3 LINES
--------------------------------------------------------------------------
 15 | ERROR | Missing short description in doc comment
 23 | ERROR | Missing parameter comment
 32 | ERROR | Public method name "RoutesAlter::AlterRoutes" is not in
    |       | lowerCamel format
--------------------------------------------------------------------------

Time: 179ms; Memory: 4Mb
romainj’s picture

@Deepthi kumari Thanks for the patch.

romainj’s picture

Status: Needs review » Fixed
elc’s picture

Status: Fixed » Needs review

I believe this issue should be on Needs Review until the project has been reviewed, or this process will not proceed at all. The reviewer will set it to either Needs Work or RTBC.

romainj’s picture

Issue summary: View changes
avpaderno’s picture

Priority: Normal » Critical
sleitner’s picture

Priority: Critical » Normal
Status: Needs review » Needs work

Automated Review

Review of the 8.x-1.x branch (commit 427fc6a):

  • No automated test cases were found, did you consider writing PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script.

Manual Review

Individual user account
Yes: Follows the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
Yes: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
No: Does not follow the guidelines for project length and complexity
Secure code
Yes: Meets the security requirements.
Coding style & Drupal API usage
  1. (+) Add configuration example from project page to README.txt

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

romainj’s picture

@sleitner that's ok. I changed the README.txt file accordingly.

sleitner’s picture

Status: Needs work » Reviewed & tested by the community
avpaderno’s picture

Assigned: Unassigned » avpaderno
Status: Reviewed & tested by the community » Fixed

Thank you for your contribution!
I am going to update your account so you can opt into security advisory coverage now.
These are some recommended readings to help with excellent maintainership:

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.