Xapian module permissions for search administration

Posted by Zen on September 24, 2008 at 4:23pm

Issue Summary

FYI: Not sure what the status of this module is, but I have access to its configuration page. My role shouldn't.

Comments

#1

Posted by greggles on September 24, 2008 at 4:39pm

Title:	Xapian module permissions need checking	» Xapian module permissions for search administration
Project:	Drupal.org webmasters	» xapian
Version:	<none>	» 5.x-1.x-dev
Component:	Site organization	» Code

This isn't exactly a security issue, but the public queue probably isn't the best place to report this either...

You have the "CVS Admin" role on d.o which has the permission "access administration pages".

The xapian module uses this code for the menu callback:

'access' => user_access('access administration pages'),

Maybe something like 'access' => user_access('access administration pages') && user_acces('administer search'),

would be better?

#2

Posted by Jeremy on September 24, 2008 at 7:07pm

Status:

active

» fixed

Thanks! Fix committed. (I switched from 'access administration pages' to 'administer search', which is the same permission used by the core search module.)

#3

Posted by Anonymous (not verified) on October 8, 2008 at 7:12pm

Status:

fixed

» closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

Project:	xapian
Version:	5.x-1.x-dev
Component:	Code
Category:	task
Priority:	normal
Assigned:	Unassigned
Status:	closed (fixed)

Xapian module permissions for search administration

Jump to:

Issue Summary

Comments

#1

#2

#3