Home » Download » Modules » xapian » Issues

Xapian module permissions for search administration

Zen - September 24, 2008 - 16:23
Project:xapian
Version:5.x-1.x-dev
Component:Code
Category:task
Priority:normal
Assigned:Unassigned
Status:closed
Description

FYI: Not sure what the status of this module is, but I have access to its configuration page. My role shouldn't.

» Login or register to post comments

#1

greggles - September 24, 2008 - 16:39
Title:Xapian module permissions need checking» Xapian module permissions for search administration
Project:Drupal.org webmasters» xapian
Version:<none>» 5.x-1.x-dev
Component:Site organization» Code

This isn't exactly a security issue, but the public queue probably isn't the best place to report this either...

You have the "CVS Admin" role on d.o which has the permission "access administration pages".

The xapian module uses this code for the menu callback:

    'access' => user_access('access administration pages'),

Maybe something like 'access' => user_access('access administration pages') && user_acces('administer search'),

would be better?

Login or register to post comments

#2

Jeremy - September 24, 2008 - 19:07
Status:active» fixed

Thanks! Fix committed. (I switched from 'access administration pages' to 'administer search', which is the same permission used by the core search module.)

Login or register to post comments

#3

Anonymous (not verified) - October 8, 2008 - 19:12
Status:fixed» closed

Automatically closed -- issue fixed for two weeks with no activity.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.