Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
An entry in user_badges.links.task.yml is missing for /user/{user}/badges. When this is added, the access check can fail on adjacent tabs such as for userpoints. In some cases $user_from_url is the user entity and in others it is simply the string of the user id. I've created a patch that makes these changes and uses dependency injection.
Comment | File | Size | Author |
---|---|---|---|
#3 | interdiff-3110467-1-3.patch | 1.7 KB | mohit_aghera |
#3 | missing-and-broken-access-check-3110467-3.patch | 4.16 KB | mohit_aghera |
#2 | missing-and-broken-access-check-3110467-1.patch | 3.17 KB | johne |
Comments
Comment #2
johne CreditAttribution: johne at CivicActions for LINCS commentedHere's that patch
Comment #3
mohit_aghera CreditAttribution: mohit_aghera as a volunteer and at Axelerant commentedThanks @johne for initiating the patch.
The patch is working as expected. However, as per latest namespacing change for access related classes, I've refactored it.
I've updated the patch.
Code is essentially the same, I've just moved it as per namespace changes.
Comment #5
mohit_aghera CreditAttribution: mohit_aghera as a volunteer and at Axelerant commentedMerging it for now.