Administration page block lists all items ignoring permissions

This is indeed a serious bug.

Neeeds work- this patch does not account for the page at:
/admin/by-module

subscribing.

attached patch handles both the by-task and by-module page. on the by-module page, i elected not to display the block if the only link available was for the module help--seems cleaner this way.

elected not to display the block if the only link available was for the module help--seems cleaner this way.

Hm. Really? IMO, that brings about inconsistency for no real gain...

For example, Tracker module doesn't yield any actual admin links, but it will provide a help link so people can find out wtf it does. The absense of the block altogether would indicate to me as a new user that there is in fact no help text for that module (since all the rest of them list the link), and then I end up posting to the forums asking "What does this crazy Tracker module do, anyway?"

I'd leave the help text in, as long as the user can access it, even if it is the only link in the block. The rest looks good. Testing now...

Created user "peon" with "administer blocks" and "access administration pages" permissions.

Before the patch, admin pages showed all links.

After patch, shows only the logs (which I guess are tied to "access administration pages" permission as a legacy thing...will file a separate issue about that) and the blocks link. Module page does the same thing.

+1. I'd RTBC it but I don't like that "dropping block if there's only a get help link" thing. :)

I'll test the patch later, but I'm also a bit confused about how (in general) to properly link in the help page via hook_help now that the admin paths have changed. The used to be a magic "more help" link that appeared on settings pages. Anyone have a pointer? There isn't anything obvious at the page on Converting 4.7.x modules to 5.x and the API docs are obviously in need of an update.

like webchick, it also seems a little funny to me that with this patch the user can see all the help links at admin/help, but won't see them at admin/by-module.

Other than that, a +1 since it seems to fix the bug.

here's a patch that leaves in the blocks that only have help text. i don't like it, for a couple of reasons:

• if a user has only admin user perms, for example, they are presented with a sea of blocks, almost all of which they can do nothing with, except get help. it looks kind of dumb to me, and makes it harder for them to find links that are meaningful relative to where they're at.
• if you're at admin/by-module, you're there to perform an admin task on a module, not look for general module help. in my view, in that location you only need the help links for modules that you can perform actions on. the help link for a module that you can do nothing with is misplaced on that page--go to admin/help if you're looking for general help on modules!

anyways, i'm a coder, not a UI master. i've said my peace. pick which one you like... :)

Well, since you put it that way, I think you're right that the patch at #3 is cleaner in terms of the UI if we aren't going to limit access to the help pages via some other permission. So, barring that change, I think the patch at #3 is RTBC.

This can be a separate patch, but what about removing get help from the list of links then, and simply putting a message at the top of this page which says, "For help on modules, see administer >> help" (or whatever the path is now) -- that way we don't have blocks that contain "nothing," and we also don't have inconsistency where "get help" is listed for some but not all.

COmmitted to HEAD.

Looks like drumm committed the second of the two... I've created a new issue @ http://drupal.org/node/92192 to discuss what to do about the "get help" links.