Contrib.social

Add the security warning to more core module permissions

Open on Drupal.org β†’
Created on 12 August 2019, almost 5 years ago
Updated 30 January 2023, over 1 year ago

Problem/Motivation

Many core administrative permissions do not have "restrict access" enabled, which means there is not a warning on the permissions page when granting that permission to a role.

Proposed resolution

We should add "restrict access" to all permissions with "Administer" in the title, as well as auditing all other permissions to see where this would be a fit.

Remaining tasks

1. Write a patch.

2. Backport the patch to Drupal 7.

User interface changes

More warnings will be shown on the permissions page.

API changes

None.

Data model changes

None.

Release notes snippet

n/a

πŸ“Œ Task
Status

Needs work

Version

10.1 ✨

Component
User systemΒ  β†’

Last updated about 20 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States samuel.mortenson

Live updates comments and jobs are added and updated live.
  • Novice

    It would make a good project for someone who is new to the Drupal contribution process. It's preferred over Newbie.

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

    Consult the Drupal Contributor Guide β†’ to find step-by-step guides for working with issues.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024