I've spotted a little mistake on wishlist.module code: I think line 357:

$items[] = array('path' => 'wishlist', 'title' => t('wish lists'), 'callback' => 'wishlist_page', 'access' => user_access('access content'), 'type' => MENU_NORMAL_ITEM);

should be instead:

$items[] = array('path' => 'wishlist', 'title' => t('wish lists'), 'callback' => 'wishlist_page', 'access' => user_access('access wishlists'), 'type' => MENU_NORMAL_ITEM);

At present, the "access wishlist" permission have no effect, except for anonymous users that get a "login to purchase this item" message while viewing the list, instead of getting it after clicking the "purchase" link.

Comments

scott.mclewin’s picture

Status: Active » Fixed

You are right. I've committed this change to head. I'll get a number of changes in head before I merge them back to the 4.7 branch. Right now head remains compatible with 4.7.

Anonymous’s picture

Status: Fixed » Closed (fixed)