The Notify Slack form does not depend on a permission to be accessible. Why is access to this form not secured?
Everybody can use the form if the URL is known!!! That's crazy!!!

$items['notify_slack/form'] = array(
  'title' => 'Notify Slack Form',
  'page callback' => 'drupal_get_form',
  'page arguments' => array('notify_slack_form'),
  'access callback' => TRUE,
  'description' => 'Send notification to Slack.',
  'type' => MENU_NORMAL_ITEM,
);

I suggest refactoring the permissions management for this module.
For the settings page, the access arguments are also too generic, but secure in this case ;)
'access arguments' => array('administer site configuration')
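
The unrestricted menu item above beside a permission-gated form, as an added example that is not part of the original issue and is not the patch attached to it. It assumes the module's machine name is `notify_slack` (inferred from the path and form id); both permission names are hypothetical.

```php
<?php
// Added example. Assumes the module's machine name is "notify_slack";
// the permission names below are hypothetical.

/**
 * Implements hook_permission().
 */
function notify_slack_permission() {
  return array(
    // Gates the notification form.
    'send slack notifications' => array(
      'title' => t('Send Slack notifications'),
      'description' => t('Use the Notify Slack form to post messages to Slack.'),
    ),
    // Dedicated replacement for the generic 'administer site configuration'
    // on the settings page; flagged as security-sensitive in the role UI.
    'administer notify slack' => array(
      'title' => t('Administer Notify Slack'),
      'description' => t('Change the Slack integration settings.'),
      'restrict access' => TRUE,
    ),
  );
}

/**
 * Implements hook_menu().
 */
function notify_slack_menu() {
  $items['notify_slack/form'] = array(
    'title' => 'Notify Slack Form',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('notify_slack_form'),
    // Before: 'access callback' => TRUE, which granted access to every
    // visitor. With no 'access callback' set, Drupal 7 defaults to
    // user_access() and checks the permission in 'access arguments'.
    'access arguments' => array('send slack notifications'),
    'description' => 'Send notification to Slack.',
    'type' => MENU_NORMAL_ITEM,
  );
  return $items;
}
```

Menu access settings are cached, so the menu must be rebuilt (for example by clearing caches) before the change takes effect, and the new permission has to be granted to the roles that should keep using the form.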

Comments

Echofive created an issue. See original summary.

Here is the patch that I've created ;)
If this can help somebody ;)

Status: Active » Needs review

Issue status update ;)