Add the security warning to more core module permissions

Created on 12 August 2019, over 5 years ago

Updated 30 January 2023, almost 2 years ago

Problem/Motivation

Many core administrative permissions do not have "restrict access" enabled, which means there is not a warning on the permissions page when granting that permission to a role.

Proposed resolution

We should add "restrict access" to all permissions with "Administer" in the title, as well as auditing all other permissions to see where this would be a fit.

Remaining tasks

1. Write a patch.

2. Backport the patch to Drupal 7.

User interface changes

More warnings will be shown on the permissions page.

API changes

None.

Data model changes

None.

Release notes snippet

n/a

📌 Task

Status

Needs work

Version

10.1 ✨

Component

User system →

Last updated 2 days ago

Maintained by
🇺🇸United States @moshe weitzman
🇧🇪Belgium @kristiaanvandeneynde

Created by

🇺🇸United States samuel.mortenson

Live updates comments and jobs are added and updated live.

Novice
It would make a good project for someone who is new to the Drupal contribution process. It's preferred over Newbie.

Security improvements
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

mwds2019

Needs issue summary update
Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
needs-review-queue-bot
The Needs Review Queue Bot → tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.
Status changed to Active 10 days ago7:40am 6 November 2024
Comment 10 days ago →
🇳🇿New Zealand quietone
Comment 10 days ago →
🇳🇿New Zealand quietone

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024