Problem/Motivation
In a group type, I have a role "Moderator" (in Group it is one of the Outsider roles) to which I set the permission: "Group membership: Administer group members"
When accessing the page "/group/{groupNr}/members", the Moderator get the message "Access denied, You are not authorized to access this page." The access can only be granted if I set the permissions "Administer group", but this option gives too much access rights.
Another case: A role Group manager with permissions "Access the Group overview page" but without "Bypass group access control". A user with Group manager role is also member of a few groups. At the groups overview page at /admin/group, this user can only edit those groups of which he is _not_ a member. Being a member disables access to editing the group.
Comment | File | Size | Author |
---|---|---|---|
#5 | group-fix-outsider-as-member-2898655-5.patch | 587 bytes | Sutharsan |
#3 | group-fix-outsider-as-member-2898655-3.patch | 937 bytes | recrit |
|
Comments
Comment #1
Anonymous (not verified) CreditAttribution: Anonymous commentedvlalieu created an issue. See original summary.
Comment #2
recrit CreditAttribution: recrit commentedIs "Moderator" a group role or an outsider / Drupal role?
I had a similar issue when a user with a privileged outsider role and also a member of the group. If they lost permissions granted to the outsider role.
Comment #3
recrit CreditAttribution: recrit commented@vlalieu to fix your issue, the view at "/admin/structure/views/view/group_members/edit/default" can be updated to use "Access: Group permission: Group membership: View individual group members" instead of Administer members.
The attached patch adds the outsider roles for members also. This allows outsider admins to be able to administer members and group admins to have limited admin access.
Comment #4
Sutharsan CreditAttribution: Sutharsan at LimoenGroen commentedI think I got to the bottom of this. Thanks to @recrit for the patch, it got me into the right direction.
I retraced the history of this code and found #2883238: Move the grolesync module to the main module for outsiders only.. Where the patch below creates the logic which causes the problem.
The
elseif
introduced the problem:Before the issue the situation was
This was changed to
Now doTheRest is no longer called if one is a member.
Comment #5
Sutharsan CreditAttribution: Sutharsan at LimoenGroen commentedThis patch fixes just the
elseif
and with that brings back the original high-level logic.I have compared the result of the code in #3 and #5 that generates the extra roles related to the outsider roles. And concluded that the additional code that #3 adds does not add extra value. I prefer that #5 reduces the complexity and #3 adds more.
Comment #7
geek-merlinImho dup of the other.