Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
currently, the access perm for admin/content is 'administer site configuration'. now that the menu bubbling is gone, users cannot admin nodes unless they have both 'administer nodes' and 'administer site configuration' -- that's too much power to have to grant just to enable a user to admin nodes!
attached patch changes the menu perm for admin/content to the generic 'access administration pages', which i think is a more sensible perm level for that menu path
Comment | File | Size | Author |
---|---|---|---|
#5 | admin_content_perm_2.patch | 1.43 KB | pwolanin |
#4 | admin_content_perm_1.patch | 1.38 KB | pwolanin |
#2 | admin_perm.patch | 770 bytes | hunmonk |
admin_content_perm.patch | 710 bytes | hunmonk | |
Comments
Comment #1
keith.smith CreditAttribution: keith.smith commentedPatch no longer applies.
# patch -p0 < admin_content_perm.patch
patching file modules/node/node.module
Hunk #1 FAILED at 1127.
1 out of 1 hunk FAILED -- saving rejects to file modules/node/node.module.rej
Comment #2
hunmonk CreditAttribution: hunmonk commentedupdated patch attached.
Comment #3
webchickTested and works. This makes a lot more sense. RTBC.
Comment #4
pwolanin CreditAttribution: pwolanin commentedNote that while menu links no longer "bubble", you *can* still make a link directly to admin/content/node and put it in the Navigation menu or a custom menu without this patch. The access to the page is not blocked, the user just can't see the link.
Actually a more sensible change for the permission might be to just remove that line. The user won't be able to see that link unless they have 'access administration pages', and this page will still inherit that permission from /admin. This makes more sense, otherwise users with 'administer comments', etc. won't be able to see their links without 'administer nodes' permission too.
However, we then need to apply the 'administer site configuration' permission to the RSS feed settings page, otherwise a user with just 'access administration pages' (or per the patch above, 'administer nodes') will be able to change the feed settings at admin/content/rss-publishing.
Comment #5
pwolanin CreditAttribution: pwolanin commentedper feedback from chx on IRC - patch above is a bad idea, since then users may see a link to an empty page. This patch combines the two above - admin/content requires 'administer nodes' while admin/content/rss-publishing now explicitly requires 'administer site configuration' (before it inherited it from admin/content).
Comment #6
dwwlogic in the issue is sound, patch is clean (applies with minor offset), tested and works as expected. important bug fix. definitely RTBC.
Comment #7
Gábor HojtsyCommitted!
Comment #8
(not verified) CreditAttribution: commented