Content translation overview operation links may lead to an access denied page

Created on 20 May 2018, over 6 years ago
Updated 6 January 2025, 24 days ago

Problem/Motivation

Steps to reproduce:

  1. Enable CT
  2. Configure two languages, e.g. English and Italian
  3. Enable translation for articles
  4. Create an "editor" role and assign it the following permissions: "Create translations", "Translate Article content", "Article: Create new content", "Article: Delete own content", "Article: Edit own content"
  5. Create an editor user
  6. Log in as editor
  7. Create an English article
  8. Create an Italian translation
  9. Log in as admin
  10. Change the owner of the Italian translation
  11. Log in as translator
  12. Visit the translation overview

Expected result: operation links for the Italian translation are hidden, since the editor is no longer allowed to edit or delete it.
Actual result: operation links for the Italian translation are displayed and lead to an access denied page.

Proposed resolution

This happens because access checks are always performed on the default translation instead of the one corresponding to the table row being processed. Fix this.

Remaining tasks

  • Write a patch
  • Reviews

User interface changes

Operation links are correctly hidden when the user has no access to the destination.

API changes

None

Data model changes

None
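
The access-check mix-up described under "Proposed resolution", as an added example that is not part of the original issue and is not Drupal core code: a constructed model in which each translation has its own owner and the role grants only "edit own" and "delete own". The `Translation` class and the `build_overview()` and `dead_links()` helpers are hypothetical names used for illustration.

```php
<?php
// Constructed model, not Drupal code: every translation carries its own
// owner, and the role only grants "edit own" / "delete own".
final class Translation {
    public function __construct(public string $langcode, public int $ownerId) {}

    // Hypothetical stand-in for an entity access check on one translation.
    public function access(string $operation, int $uid): bool {
        return in_array($operation, ['update', 'delete'], true) && $this->ownerId === $uid;
    }
}

// Builds operation links per overview row. $perRow = false reproduces the bug
// (always checks the default translation); true checks the row's translation.
function build_overview(array $translations, int $uid, bool $perRow): array {
    $default = reset($translations);
    $rows = [];
    foreach ($translations as $langcode => $translation) {
        $subject = $perRow ? $translation : $default;
        $rows[$langcode] = array_values(array_filter(
            ['update', 'delete'],
            fn (string $op): bool => $subject->access($op, $uid)
        ));
    }
    return $rows;
}

// Links that are rendered but would be refused when followed.
function dead_links(array $translations, array $rows, int $uid): array {
    $dead = [];
    foreach ($rows as $langcode => $ops) {
        foreach ($ops as $op) {
            if (!$translations[$langcode]->access($op, $uid)) {
                $dead[] = "{$langcode}:{$op}";
            }
        }
    }
    return $dead;
}

// Constructed data: the editor (uid 2) owns the English original; an admin
// reassigned the Italian translation to uid 3.
$translations = ['en' => new Translation('en', 2), 'it' => new Translation('it', 3)];
$buggy = build_overview($translations, 2, false);
$fixed = build_overview($translations, 2, true);
print_r(dead_links($translations, $buggy, 2));
print_r(dead_links($translations, $fixed, 2));
print_r($fixed);
```

A regression test for the real fix can use the same invariant as `dead_links()`: every operation link shown in a row must pass the access check for that row's translation.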

🐛 Bug report
Status

Needs work

Version

11.0 🔥

Component

content_translation.module

Created by

🇮🇹Italy plach Venezia


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇵🇱Poland gugalamaciek

    Consider scenario:

    1. You are allowed to edit/delete content in original language
    2. You are not allowed to edit/delete EN translation

    On the “Translate” tab, the “Translate” button was visible only when you opened the original translation. When you went to the EN translation → clicked the “Translate” tab, the create translation buttons were not visible. This was because access to create translations was checked based on the EN translation (where you don’t have access), not the original one (where you have access).

    So, by changing:

    - $create_translation_access = $handler->getTranslationAccess($entity, 'create');
    +$create_translation_access = $handler->getTranslationAccess($entity->getUntranslated(), 'create');
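
Review bot: The added line evaluates 'create' access on `$entity->getUntranslated()` with no comment saying why the original is used instead of the translation being viewed. Add one, because the issue summary asks for the update and delete checks to move the other way, onto each row's own translation, and a later cleanup could easily align the two by mistake. The change also needs a test that opens the Translate tab from a translation the user cannot edit and asserts that the create links are still shown.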
    

    we make sure that the create button on the translation tab is always calculated based on the original content, not the current translation.
