Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If a user is granted access to "edit pages" (or survey, etc) but is denied "create pages" - they should not be able to see "create content > page".
- user is granted access to "edit page".
- user should not see "create content > page".
This also occurs with some other modules as well (survey is my other example).
Comments
Comment #1
gregglesThis seems like "normal" priority rather than "critical". In order to be "critical" it has to really break the system.
Also, can you be more explicit what the access control settings are required to get to this point?
I tried to reproduce the bug but couldn't create the set of permissions that you mention.
Comment #2
Shane Birley CreditAttribution: Shane Birley commentedTo clarify, let's say we have a web site that has blogs and forums. If a non-administrator user is allowed to blog, but not create a forum topic, the menu system is set to:
BUT, the information displayed on the main column of the site, the page that lists the types of content with their definitions, also displays the fact the web site can also make forum topics.
So, if a non-administrator user clicks on it, they get an access denied error. I think the definitions list should also remove the "forum topic" information as the menu does. If the user can't create those content types, nor should they see the information listed and have a chance to see a denied message.
Does that help?
Comment #3
Shane Birley CreditAttribution: Shane Birley commentedComment #4
(not verified) CreditAttribution: commented