DDEV is the official local development tool of Drupal. And like Drupal, DDEV depends on the support of the open source community.Currently the 8.x-1.x version of the module only checks for the "access administration pages" on its administration pages. Many sites may use this permission to give trusted, but non-advanced, users access to manage content. The settings on the shib_auth admin page can have site-wide ramifications to user logins, potentially allowing users to disable proper authentication. The shib_auth admin pages should have their own independent permissions check in the same way that the module functions in the 7.x-4.x branch.
I've attached a simple patch that defines the new permission (based on the 7.x version), and adds it to the admin page routing.
| Comment | File | Size | Author |
|---|---|---|---|
| shib_auth-admin-permissions.patch | 1.06 KB | pkozik |
Comments
Comment #2
steven jones CreditAttribution: steven jones at ComputerMinds commentedLooks good to me!