Edit link exposed regardless of permissions [#859750]

theme_boxes_box() exposes 'edit' and 'cancel' links regardless of the user's permissions. Clicking on the 'edit' link as a user with insufficient permissions results in an ajax error (js popup).

Patch coming.

Comment	File	Size	Author
#1	859750-1_protect_controls.patch	2.37 KB	alex_b

Comments

Comment #1

alex_b commented 20 July 2010 at 20:02

Assigned:	alex_b	» Unassigned
Status:	Active	» Needs review

Status	File	Size
new	859750-1_protect_controls.patch	2.37 KB

Comment #2

jmiccolis commented 26 July 2010 at 19:33

Status:

Needs review

» Fixed

Committed, with one change; using boxes_access_admin() to check permissions instead of going after "administer blocks" directly. This way we keep spaces happy.

Thanks for the patch!

Comment #3

9 August 2010 at 19:40

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Edit link exposed regardless of permissions

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community