Given that all of the items in the admin_tools block require the 'administer site configuration' permission (except for 'update' which is its own kettle of fish), the block itself should not output anything if the user does not have this permission.

CommentFileSizeAuthor
#1 admin_tools-n934536-d6.patch843 bytesdamienmckenna

Comments

damienmckenna’s picture

damienmckenna
Location TN, USA
commented
StatusFileSize
new admin_tools-n934536-d6.patch843 bytes

Here's a patch for D6, it doesn't look like the D7 branch needs it due to changes in D7's APIs?

damienmckenna’s picture

damienmckenna
Location TN, USA
commented
Status: Active » Needs review
himerus’s picture

himerus commented

Damien,

Sorry I didn't see this (or get automated email).
This is an issue I've been aware of... but haven't taken the time to fix it as in my own usage, it is always in the admin sidebar, so the "use admin toolbar" permission will hide away the whole thing.

I do however, see the obvious glaring hole in security, and if it's there, then will be easier to have it placed as a normal block in some circumstances users may want to use.

I will test this out, and commit soon!
Thanks for the patch!

bbc’s picture

bbc
he/him/his
Location Madison, WI
commented

subscribing

Brandonian’s picture

Brandonian commented
Status: Needs review » Reviewed & tested by the community

Patch applies cleanly and works as advertised. Get's a +1 from me for what it's worth.

Iwink’s picture

Iwink commented
Assigned: Unassigned » Iwink

I have some problem with administer, my site crush after install some module. Please help me to fix my problem. Thanks
please review my site http://mintadong.com

mdupont’s picture

mdupont
Primary language French
Location Switzerland
commented
Assigned: Iwink » Unassigned
wiifm’s picture

wiifm
Primary language English
Location Wellington, NZ
commented

+1 for the commit of this much needed patch. Everything works as expected. Can there be a commit + release?

himerus’s picture

himerus commented

I promise I'll try to get to this soon!!! And release a new version.

ptocheia’s picture

ptocheia commented

I expected trying to hide the admin tools from certain users to be a chunk of work for me, and then I conveniently found this patch. Thanks so much for posting this!

gg4’s picture

gg4 commented

+1

osman’s picture

osman
Location Copenhagen
commented

+1
the patch works as advertised. Thanks.

nubeli’s picture

nubeli commented

+1

Would be nice to get this patched. I like to use the admin sidebar as a general collapsible menu for all users. Having the admin tool block visible to all users is just confusing and makes it less useful for admins.

nubeli’s picture

nubeli commented

And surely a year is enough time to commit a small patch like this?

bocaj’s picture

bocaj commented
Version: 6.x-1.0 » 7.x-1.x-dev
Status: Reviewed & tested by the community » Fixed

This has been taken care of (plus other permissions) in the latest dev release for Drupal 7. I haven't done anything at this point with Drupal 6 since everything I have been developing lately has been on Drupal 7.

If there is still a need for this to be in D6 please let me know, otherwise this is marked as fixed.

gg4’s picture

gg4 commented
Version: 7.x-1.x-dev » 6.x-1.x-dev
Status: Fixed » Needs review

I think this would still be a useful improvement for the D6 branch. Hopefully the patch at #1 will make this a simple fix.

bocaj’s picture

bocaj commented
Status: Needs review » Fixed

Alright. At @_double's request I added the patch in #1 to the D6 branch. It will be available in the latest dev release shortly.

I would like to have D6 and D7 branches contain the same functionality, but I want to make sure that the new features in the D7 branch work as expected before backporting. This patch will hopefully bridge the gap in the meantime.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.