Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Drupal core allows access to /admin/people/create based on the permission 'administer users'. This is correct by default, in vanilla core. However it ignores any code that has implemented hook_entity_create_access.
This issue is a blocker for contrib module Administer Users by Role.
Steps to reproduce
- Create a custom modules that implements
hook_entity_create_accessas below (plus XXX.permissions.yml to define the new permission). - Create a user with permission 'create users' and log on as that user.
- Visit /admin/people/create
- Expected behaviour: can access page.
- Actual behaviour: access denied.
function XXX_entity_create_access(AccountInterface $account, array $context, $entity_bundle) {
if ($context['entity_type_id'] != 'user') {
return AccessResult::neutral();
}
return AccessResult::allowedIfHasPermission($account, 'create users');
}
Resolution
If the requirement is changed to _entity_create_access: 'user' it works perfectly. The new code is consistent with a variety of other places in Drupal Core.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | user.create.access-2921365-2.patch | 446 bytes | AdamPS |
Comments
Comment #2
AdamPS CreditAttribution: AdamPS at AlbanyWeb commentedComment #3
idebr CreditAttribution: idebr at ezCompany commentedComment #4
AdamPS CreditAttribution: AdamPS at AlbanyWeb commentedThe patch here is currently also included in a patch on #2854252: User forms broken for admin without 'administer users' and that patch includes tests. I could bring the tests back here if there is a desire to check this is separately. Or we could focus our efforts on the other issue and check it all in together.
Comment #7
AdamPS CreditAttribution: AdamPS at AlbanyWeb commentedThe fix was committed as part of #2854252: User forms broken for admin without 'administer users'