Users without permission 'use ulogin' can access profile tab 'uLogin identities'.
To avoid this we have to call user_access('use ulogin') in addition to user_edit_access().
| Comment | File | Size | Author |
|---|---|---|---|
| | ulogin-6.x-add_access_callback.patch | 1.16 KB | quotesBro |
Comments
Comment #1
duozersk
Mikhail,
Thanks for the report and patch... but this is "by design" - a user who has permission to edit the shown account has access to the uLogin tab (this would include user admins browsing other users' accounts).
Don't really see a reason why you think this is a bug...
Thanks
AndyB
Comment #2
quotesBro
If some user does not have the permission 'use ulogin', he will see this tab and can open it, but can do nothing on this page. So I think it's a bug. And I thought it's a common practice in Drupal modules to define its own access callback for profile tabs. Apologize if I am wrong.
Comment #3
duozersk
Yeah, you are right... if someone without 'use ulogin' permission goes there then he can't really do anything, but he can see that he has a connected identity.
As for the practice to set a permission per profile tab - don't really know, might be so or might not, can't tell.
I tend to set it as "closed (works as designed)" as if you need to change it - you can always hook_menu_alter(), right? ;) Need to think of it over several days and then will make a decision.
Thanks
AndyB
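The two approaches discussed in this thread can be combined in a site-specific module. This is an added example, not code from the uLogin module or from the attached patch. It applies the check from the issue description through hook_menu_alter(), as suggested in comment #3. The module name `mymodule`, the callback name, and the tab path are assumptions: the path is a placeholder to be replaced with the path uLogin registers in its hook_menu(), and `access arguments` assumes that path's second component loads the account via `%user`.

```php
<?php
// Added example for Drupal 6. "mymodule" is a hypothetical custom module.
// Placeholder: replace with the menu path the uLogin module registers for
// its "uLogin identities" profile tab (not shown on this page).
define('MYMODULE_ULOGIN_TAB_PATH', 'user/%user/ULOGIN-TAB-PATH');

/**
 * Implementation of hook_menu_alter().
 *
 * Swaps the tab's access callback for one that also requires the
 * 'use ulogin' permission. Does nothing if the path is not registered.
 */
function mymodule_menu_alter(&$items) {
  if (isset($items[MYMODULE_ULOGIN_TAB_PATH])) {
    $items[MYMODULE_ULOGIN_TAB_PATH]['access callback'] = 'mymodule_ulogin_tab_access';
    // Assumption: argument 1 of the path is the loaded account object.
    $items[MYMODULE_ULOGIN_TAB_PATH]['access arguments'] = array(1);
  }
}

/**
 * Access callback (hypothetical name): the current user must hold
 * 'use ulogin' AND be allowed to edit the account being viewed.
 */
function mymodule_ulogin_tab_access($account) {
  // The permission check comes first so users without it are denied
  // before the edit-access rules are evaluated.
  return user_access('use ulogin') && user_edit_access($account);
}
```

The menu router is cached, so the altered callback takes effect only after the menu is rebuilt (for example by clearing the site caches).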