Would it be posable in the next version to add permission control that would allow an admin user of a site the ability to decide which roles have access to the administration page for the Admin Role module, currently any user that has access to administration pages can access and change the Admin Role.

Thanks,
From: Azz McH

CommentFileSizeAuthor
#4 615336-adminrole-D7sync-D6.patch5.05 KBdave reid

Comments

aaronmchale’s picture

aaronmchale
Primary language English
Location Edinburgh, Scotland
commented
Title: Permission Controls » Permission Controls using Admin Role module
Status: Active » Needs review
dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

Seems fair that the 'administer users' should be the permission for the adminrole page. This would match the D7 behavior:

  $items['admin/config/people/accounts'] = array(
    'title' => 'Account settings',
    'description' => 'Configure default behavior of users, including registration requirements, e-mails, and user pictures.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_settings'),
    'access arguments' => array('administer users'),
    'file' => 'user.admin.inc',
    'weight' => -10,
  );
dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Status: Needs review » Active

No patch = active

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Title: Permission Controls using Admin Role module » Sync module with D7-implementation for upgrading ease.
Version: 6.x-1.1 » 6.x-1.x-dev
Assigned: Unassigned » dave reid
Category: feature » task
StatusFileSize
new 615336-adminrole-D7sync-D6.patch5.05 KB

People should be able to upgrade from D6 + adminrole.module to plain D7 without losing functionality. That will entail:

1. Moving the admin role select box to the admin/user/settings page and getting rid of the page callbacks.
2. Renaming the adminrole_adminrole variable to user_admin_role.
3. Other misc cleanups.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Status: Active » Needs review
Leeteq’s picture

Leeteq commented

As discussed here;
"Adminrole security hole: admins can assign themselves full permissions"
http://drupal.org/node/375954#new
- this is not only for "upgrading ease".

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Status: Needs review » Fixed

Fixed in CVS.

aaronmchale’s picture

aaronmchale
Primary language English
Location Edinburgh, Scotland
commented
Title: Sync module with D7-implementation for upgrading ease. » Admin Role - Permissions and Sync module with D7-implementation for upgrading ease.

All I want to know is, will this be fixed in a new release? Including http://drupal.org/node/375954.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

Yes it will.

aaronmchale’s picture

aaronmchale
Primary language English
Location Edinburgh, Scotland
commented

Good, when will the new release be available?

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

When I'm finished? Probably later today.

aaronmchale’s picture

aaronmchale
Primary language English
Location Edinburgh, Scotland
commented

Great

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

New releases created.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.