Admin config overview shows links that the user cannot access

Created on 17 July 2019, almost 5 years ago
Updated 18 May 2023, about 1 year ago

Steps to reproduce

  1. log in as a user with the 'access administration pages' permission, but not 'administer image styles'
  2. Visit /admin/config

Expected result

Only links that you have access to visit should be displayed

Actual result

Links you cannot access are displayed, but if you click them, you get an access denied message.

\Drupal\system\Controller\SystemController::overview does include a check that should prevent this - the commit message references #1805054: Cache localized, access filtered, URL resolved, and rendered menu trees β†’

πŸ› Bug report
Status

Closed: cannot reproduce

Version

9.5

Component
SystemΒ  β†’

Last updated 1 day ago

No maintainer
Created by

πŸ‡¬πŸ‡§United Kingdom malcomio

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024