Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Problem/Motivation
RoleDelegationAccessCheck doesn't seem to work as expected, define the rules, fix the code and add new tests.
Proposed resolution
RoleDelegationAccessCheck is designed for checking access to /user/%/roles which allows users without normal admin permissions but will a role such as "assign content editor role" to manage user roles. This page is in addition to editing roles at /user/%/edit.
Proposal
- Currently you can't access this page if you can "access user profiles". This makes no sense, lets remove it.
- Currently you can't view this page if you can "administer users". We don't need to check this explicitly but it should give you access.
- Currently, you cannot edit this page even when you have a permission like "assign custom role", this is a bug, fix and add tests.
- Currently you can view this page if you have "administer permissions". Lets remove this because with core, you can only edit permissions if you also have "administer users" to edit via the user page, if we allowed access based on this permission, installing the module would open up a roles interface to those users.
Remaining tasks
User interface changes
API changes
Data model changes
Comment | File | Size | Author |
---|---|---|---|
#7 | interdiff.txt | 1.29 KB | benjy |
#7 | 2691425-7.patch | 4.64 KB | benjy |
| |||
#6 | 2691425-6.patch | 4.57 KB | benjy |
|
Comments
Comment #2
benjy CreditAttribution: benjy at PreviousNext commentedComment #3
benjy CreditAttribution: benjy at PreviousNext commentedComment #4
benjy CreditAttribution: benjy at PreviousNext commentedComment #5
benjy CreditAttribution: benjy at PreviousNext commentedComment #6
benjy CreditAttribution: benjy at PreviousNext commentedPatch with tests.
Comment #7
benjy CreditAttribution: benjy at PreviousNext commentedNow with even less code.
Comment #8
Sam152 CreditAttribution: Sam152 as a volunteer and at PreviousNext commentedLooks good.
No form route enhancer?
Comment #9
benjy CreditAttribution: benjy at PreviousNext commentedComment #11
benjy CreditAttribution: benjy at PreviousNext commented