Posted by AaronMcHale on October 26, 2009 at 10:20pm
| Project: | Admin role |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | task |
| Priority: | normal |
| Assigned: | Dave Reid |
| Status: | closed (fixed) |
Issue Summary
Would it be posable in the next version to add permission control that would allow an admin user of a site the ability to decide which roles have access to the administration page for the Admin Role module, currently any user that has access to administration pages can access and change the Admin Role.
Thanks,
From: Azz McH
Comments
#1
#2
Seems fair that the 'administer users' should be the permission for the adminrole page. This would match the D7 behavior:
$items['admin/config/people/accounts'] = array('title' => 'Account settings',
'description' => 'Configure default behavior of users, including registration requirements, e-mails, and user pictures.',
'page callback' => 'drupal_get_form',
'page arguments' => array('user_admin_settings'),
'access arguments' => array('administer users'),
'file' => 'user.admin.inc',
'weight' => -10,
);
#3
No patch = active
#4
People should be able to upgrade from D6 + adminrole.module to plain D7 without losing functionality. That will entail:
1. Moving the admin role select box to the admin/user/settings page and getting rid of the page callbacks.
2. Renaming the adminrole_adminrole variable to user_admin_role.
3. Other misc cleanups.
#5
#6
As discussed here;
"Adminrole security hole: admins can assign themselves full permissions"
http://drupal.org/node/375954#new
- this is not only for "upgrading ease".
#7
Fixed in CVS.
#8
All I want to know is, will this be fixed in a new release? Including http://drupal.org/node/375954.
#9
Yes it will.
#10
Good, when will the new release be available?
#11
When I'm finished? Probably later today.
#12
Great
#13
New releases created.
#14
Automatically closed -- issue fixed for 2 weeks with no activity.