In the file uc_advanced_catalog.pages.inc you find this code:
Line 121:
<?php
// modded: add taxonomy edit link
if ($catalog->tid != 0) {
$output .= '<div class="uac-edit">'. l(t('Edit category'), 'admin/content/taxonomy/edit/term/'. $catalog->tid, array('query' => array('destination' => $_GET['q']))) .'</div>';
}
// end of mod
?>
and on line 266:
<?php
// catalog description
if ($catalog->tid != 0) {
$output .= '<div class="uac-edit">'. l(t('Edit category'), 'admin/content/taxonomy/edit/term/'. $catalog->tid, array('query' => array('destination' => $_GET['q']))) .'</div>';
}
?>
This created the issue that users without "administer taxonomy" who clicked on the link as well as search engines (assuming anonymous users had access to the catalog) would end up at an Access Denied page.
I made this minor modification.
On the first section:
<?php
// modded: add taxonomy edit link
if ($catalog->tid != 0 && user_access('administer taxonomy')) {
$output .= '<div class="uac-edit">'. l(t('Edit category'), 'admin/content/taxonomy/edit/term/'. $catalog->tid, array('query' => array('destination' => $_GET['q']))) .'</div>';
}
?>
and on the second section:
<?php
// catalog description
if ($catalog->tid != 0 && user_access('administer taxonomy')) {
$output .= '<div class="uac-edit">'. l(t('Edit category'), 'admin/content/taxonomy/edit/term/'. $catalog->tid, array('query' => array('destination' => $_GET['q']))) .'</div>';
}
?>
This prevents the link from being displayed to users which cannot visit the page it leads to.
Comments
Comment #1
bonked commentedWill be uploading a patch for this.
Comment #2
bonked commentedThis patch makes the changes described above against 6.x-2.x
Comment #3
bonked commentedComment #4
okokokok commentedPatch in #2 works for me.
Comment #5
mogtofu33 commentedThis patch has been added on next dev snapshot (December 13, 2011).
Thank you for the report.
Regards.
Mog.