Allow access to admin/reports based on the 'access administration pages' permission

Created on 2 May 2018, over 7 years ago
Updated 20 February 2024, over 1 year ago

Problem/Motivation

Currently, access to admin/reports is determined by the 'access site reports' permission. Assume you want to facilitate GDPR auditing by exposing a custom site report on admin/reports/audit and exposing the report through the toolbar. This would require adding the 'access site reports' permission to the account. However, this permission is also used to display the 'Recent log messages' page of the drupal/dblog module. Allowing a GDPR auditor access to this page is counterproductive for a positive GDPR audit.

Proposed resolution

Allow access to 'admin/reports' based on the 'access administration pages' permission in line with admin/structure and admin/config.

Remaining tasks

  1. Write a patch
  2. Review
  3. Commit

User interface changes

Users with the 'access administration pages' permission can access 'admin/reports'.

On the flip side, this will make the issue "Restrict access to empty top level administration pages" (Fixed) more visible. This is commonly fixed by using the admin_toolbar_links_access_filter module that comes with the Admin toolbar module or a similar solution.

API changes

None.

Data model changes

None.

Task
Status

Needs work

Version

11.0

Component
Other

Last updated about 2 months ago

Created by

Netherlands idebr

  • Needs change record

    A change record needs to be drafted before an issue is committed. Note: Change records used to be called change notifications.


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Netherlands Lendude Amsterdam

    Not having 'access site reports' control access to 'admin/reports' sounds very counterintuitive to me and would probably lead to confusion as to what that permission actually does. Because, what does it actually do if this would land? Only control access to the recent log messages? If the problem is with exposing the recent log messages with this permission, doesn't it make more sense to give that its own permission?

    Having fine grained control over who sees log messages makes more sense to me.

  • Netherlands idebr

    A new permission to view `Recent log messages` makes sense. However, the top-level items for admin/content and admin/structure already use the `access administration pages` permission so maybe both?

  • Status changed to Needs work over 2 years ago
  • United States smustgrave

    Setting to NW for the change record. And possibly more discussion in #25 + #26

  • United States GuyPaddock

    Alternatively, what if there was a separate permission for "access reports overview"? It's a similar use case to wanting to give users access to the node overview page without granting them the ability to edit all nodes.

    Our use case is that we are adding some additional reports that we want some of our content editors to use but we don't want to give them the permission to view all the developer-facing reports that Drupal ships with.

  • Netherlands idebr

    Reroll after "Restrict access to empty top level administration pages" (Fixed) was committed.
