Rights management not working

mkalkbrenner - September 15, 2009 - 08:42
Project: Knurl
Version: 6.x-1.1
Component: Code
Category: bug report
Priority: critical
Assigned: Unassigned
Status: needs review
Description

You're currently providing three access rights: 'create knurl', 'access knurl' and 'remove knurl'.

But 'access knurl' and 'create knurl' aren't working correctly. You used hook_access, which is called for operations on nodes, but you don't create any nodes here.

In the current implementation every role that should be able to use a short URL must have the 'access knurl' right. But the same right enables you to see the list of all short URLs and to create new ones.

I attached a patch that introduces a new right called 'show knurl', removes the implementation of hook_access and fixes the rights applied to the menu tree.

Using this patch the rights are working like this:
'create knurl': right to create new short URLs
'remove knurl': right to remove existing short URLs
'show knurl': right to access the list of existing short URLs
'access knurl': right to access any short URL and get redirected to a long URL (don't forget to give that right to anonymous users, which is the common use case)

BTW, this issue was already mentioned at #359791: Public access to stored links, but not solved completely.

Attachment: knurl_access_rights.patch (1.39 KB)
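
The permission-to-route mapping described in the report, sketched for Drupal 6 as an added example; this is not the attached patch or the module's own code. The menu paths and the knurl_example_* callback names are hypothetical stand-ins for the module's existing page callbacks.

```php
<?php
// Added illustration for Drupal 6. Paths and knurl_example_* callbacks are
// hypothetical placeholders, not taken from the Knurl module or the patch.

/**
 * Implementation of hook_perm(): the four rights listed in the report.
 */
function knurl_perm() {
  return array('create knurl', 'remove knurl', 'show knurl', 'access knurl');
}

// No hook_access() here: Drupal 6 only invokes it for node operations, so it
// never guards pages that are plain menu callbacks.

/**
 * Implementation of hook_menu(): exactly one permission per route.
 * 'access callback' defaults to user_access(), fed by 'access arguments'.
 */
function knurl_menu() {
  $items = array();
  // Listing of stored short URLs: needs 'show knurl', not 'access knurl'.
  $items['knurl/list'] = array(
    'title' => 'Short URLs',
    'page callback' => 'knurl_example_list_page',
    'access arguments' => array('show knurl'),
  );
  $items['knurl/add'] = array(
    'title' => 'Add short URL',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('knurl_example_add_form'),
    'access arguments' => array('create knurl'),
  );
  $items['knurl/%/delete'] = array(
    'title' => 'Remove short URL',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('knurl_example_delete_form', 1),
    'access arguments' => array('remove knurl'),
    'type' => MENU_CALLBACK,
  );
  // Redirect to the long URL: the only route anonymous users need.
  $items['k/%'] = array(
    'page callback' => 'knurl_example_redirect',
    'page arguments' => array(1),
    'access arguments' => array('access knurl'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}
```

With this layout, granting 'access knurl' to the anonymous role exposes only the redirect route; the list, add and delete pages return "access denied" unless their own permission is granted.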