Contrib.social

Don't use link in message after node save if user doesn't have permissions

Open on Drupal.org β†’
Created on 4 April 2017, about 8 years ago
Updated 1 September 2023, over 1 year ago

Problem/Motivation

When user saves node then Drupal should check if user has access to it and then decide if the new node title in the message should be link or not.

Message with link

User doesn't have access to it

To recreate:

  1. Drupal 8.x-4.x installation
  2. Create a new user role
  3. Add a new user and give the user the newly created role
  4. Give the user permissions to create/edit the page node type
  5. Don't give the user the 'View published content' permission
  6. Login as the user and create a new content of the type page
  7. Notice that you get a success message with a link to the node while you are in the access denied page for that node.

Proposed resolution

Add a node access check.

πŸ› Bug report
Status

Needs review

Version

10.1 ✨

Component
Node systemΒ  β†’

Last updated about 15 hours ago

No maintainer
Created by

πŸ‡ͺπŸ‡ͺEstonia hkirsman

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡¬πŸ‡§United Kingdom Dubs

    Hi all,

    I'm reopening the issue because there are valid use cases, for example, in the case of content moderation an anonymous or authenticated user could create some content and then not have permissions to view the content. The above patch works in this situation.

    Logically, a link to view unpublished or draft content should not be provided as this will result in an access denied page for the visitor.

    Thanks for reading, and hopefully this patch can find it's way into the code base.

  • Status changed to Needs work over 1 year ago
  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Per #30 if this is going to be reopened steps to reproduce fully need to be included in issue summary.

  • First commit to issue fork.
  • Merge request !8877Issue #2866619 by kksandr: added link access check to the node form β†’ (Open) created by Unnamed author
  • Pipeline finished with Success
    9 months ago
    Total: 462s
    #231237
  • Status changed to Needs review 9 months ago
  • Comment 9 months ago β†’
    kksandr

    I updated the steps to reproduce the issue according to the updated test and opened a merge request with the fix.

  • Status changed to Needs work 8 months ago
  • Comment 8 months ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

    Consult the Drupal Contributor Guide β†’ to find step-by-step guides for working with issues.

  • First commit to issue fork.
  • Pipeline finished with Canceled
    5 days ago
    Total: 573s
    #461142
  • Comment 5 days ago β†’
    πŸ‡¦πŸ‡ΊAustralia acbramley

    Rebased and slightly simplified the solution. Also expanded the test comment a bit.

  • Pipeline finished with Success
    5 days ago
    Total: 342s
    #461149
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024