D8 MegaMenu displays all menu items, and does not pay attention to access rights (for example, menu items for views).
The menu items are not displayed in the standard menu and displayed in the D8 menu.
Comment | File | Size | Author |
---|---|---|---|
#18 | menu-items-access-check-2998479.patch-18.diff | 6.39 KB | arnaldop |
Comments
Comment #2
gmarchev CreditAttribution: gmarchev at FFW commentedUse menu.default_tree_manipulators for access checks of links and do not build links which don't have explicitly granted access.
Comment #3
gmarchev CreditAttribution: gmarchev at FFW commentedComment #4
fomenkoandrey CreditAttribution: fomenkoandrey commented>>>menu.default_tree_manipulators
i dont know what is this, i use and test in standart bartik theme.
Comment #5
gmarchev CreditAttribution: gmarchev at FFW commentedis a Core utility service that provides methods for manipulating menu trees, see
\Drupal\Core\Menu\DefaultMenuLinkTreeManipulators
.Comment #6
greatmatter CreditAttribution: greatmatter commentedWhile it's somewhat related, this also applies to unpublished nodes as well.
Comment #7
kle CreditAttribution: kle commentedI found this Issue after I made my own very simple solution (only the last line of following code):
Seems to be fine... What you think?
Comment #8
lexsoft00 CreditAttribution: lexsoft00 commentedIs this project [we_megamenu] still maintained?
Comment #9
buivankim2020 CreditAttribution: buivankim2020 commentedThanks, #7. Thanks for your solution, we need to check internal link first ;)
Comment #10
buivankim2020 CreditAttribution: buivankim2020 commented@lexsoft, we still working on this project...
Comment #12
sassafrass CreditAttribution: sassafrass as a volunteer commentedPatch: menu-items-access-check-2998479-2.patch works for me! Thank-you!
Comment #13
PieterDC@sassafrass, does version 1.5.0 of this module, without menu-items-access-check-2998479-2.patch, fix your problem?
Comment #14
danheisel CreditAttribution: danheisel commentedI tried #2 but it seems the lines were slightly off on the latest release, 8.x-1.5. This is my first official patch submission, so hope it works for those who need it. All seems fine in my testing.
Edit to this one. Not sure how but applying the same #2 patch worked just fine today compared to yesterday. Same command, folder, etc. Please disregard my patch #14 as #2 works as expected now.
Comment #15
greatmatter CreditAttribution: greatmatter commentedDid this patch make its way into 8.x-1.7?
Comment #16
greatmatter CreditAttribution: greatmatter commentedAn updated patch for 8.x-1.7
Comment #17
arnaldopI have a problem with this, and it's not the patch, but the way that the module has always worked, at least as far as I can tell.
The issue I have is that, when I'm user 0, I want to configure ALL of the menu options, such as Font Awesome icons. But even in the admin configuration screen, the menu is curated based on access. So for menu items created by Views, with specific role access, I am unable to configure the menu item without editing the DB object itself. This is very error prone, and not a long-term option.
The attached patch builds on the patch above, but adds in the idea that, if you are in the back-end, you will see every menu option, regardless of access. This will allow you to configure every menu option, even those that user 0 might be unable to access.
The only use case not covered here is one where a user (not user 0) is granted permission to modify a menu or to configure this module, but they should not be able to see the menu item. This is a small, low impact scenario, because even though that user would see the menu item, they will still be denied access to those pages if they try to access them. If a user has menu editing permission, seeing that a menu item exists is probably not a big risk.
I'm also changing the status to Needs Work because in theory we should add unit tests. I don't know how to test this module, but perhaps someone else can step in?
Thanks for the great module!!!
Comment #18
arnaldopThat was a fail. Somehow the patch got messed up. Here's the updated patch.
Comment #19
brussam CreditAttribution: brussam commentedThis -18 patch was working well for 5 days. Then something happened today and Mega Menu stopped using Menu Per Role. Remove Mega Menu, reloaded, and patched again. Still not using roles.
And then role control came back. Never mind.
Comment #20
greatmatter CreditAttribution: greatmatter commentedOut of curiosity, how come this patch hasn't been added to releases?
Comment #21
greatmatter CreditAttribution: greatmatter commentedThe fix hasn't been added to the 1.10-beta. Would it be possible to add it, please?
Comment #23
WeebPal CreditAttribution: WeebPal commentedHello. Thank you for helping us figure out and fix this issue. Patch #18 is applied with minor changes, and the issue should now be fixed in 1.10-beta2.
1.10-beta2 also work with D9 and tested on a clean D8.8 -> D9 upgrade. More review are very welcome before we release stable version 1.10.
Comment #24
WeebPal CreditAttribution: WeebPal commentedComment #25
greatmatter CreditAttribution: greatmatter commentedThank you so much!!!
Comment #27
greatmatter CreditAttribution: greatmatter commentedComment #29
greatmatter CreditAttribution: greatmatter commentedThis issue has reappeared. I'm not 100% sure when it cropped up--but definitely within the last couple months. Is there a chance to reopen this?