Fix Permissions

Created on 12 February 2020, over 5 years ago
Updated 22 July 2024, about 1 year ago

Problem/Motivation

Permissions are missing for price list items, the “Access the price rules overview page” permission doesn’t do anything, the Price List entity has the wrong admin permission, and the installed Views should respect the “View price lists” permission.

Proposed resolution

Fix all of the permissions.

🐛 Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

🇺🇸United States daniel korte Brooklyn, NY


Comments & Activities


  • 🇬🇧United Kingdom alexpott 🇪🇺🌍

    This is definitely an issue. The views in the module are shipping with a permission that does not exist. I think that having permissions for price rules, price lists and price list items is unnecessary. Atm:

    • price rule uses Drupal\commerce\EntityPermissionProvider
    • price list uses Drupal\commerce\EntityPermissionProvider
    • price list item uses "administer commerce_price_rule"

    Not sure of the correct structure though. It feels like price list item should use something from price list and not price rule.

  • 🇨🇷Costa Rica estebanvalerio.h

    The patch is doing its job and provides a solution for this "problem". It works properly on the project we are using it on, and the patch code itself is well-structured, security-focused, and properly implemented. It addresses all the stated issues:

    - Adds missing permissions for price list items
    - Makes "Access the price rules overview page" functional
    - Fixes Price List entity admin permissions
    - Makes Views respect proper view permissions

    The patch follows Drupal best practices and enhances security through proper permission granularity.
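
The first comment's point, that a shipped view can reference a permission that is never defined, can be checked against exported Views configuration. The following is an added example, not code from the module or the patch: the view id, display ids and permission names are constructed placeholders, and the set of defined permissions is supplied by the caller (an assumption: take it from the running site, since provider classes build entity permissions in code rather than in a static file).

```python
# Constructed sample of an exported Views config file. All names are
# illustrative placeholders, not the module's real view or permissions.
SAMPLE_VIEW = """\
id: example_price_lists
display:
  default:
    display_options:
      access:
        type: perm
        options:
          perm: 'access example price list overview'
  page_1:
    display_options:
      access:
        type: perm
        options:
          perm: 'administer example_price_list'
  feed_1:
    display_options:
      access:
        type: none
        options: {  }
"""

def view_access_permissions(yaml_text):
    """Return {display_id: permission} for displays using 'perm' access."""
    stack, access = [], {}
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or ":" not in stripped:
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = stripped.partition(":")
        # Keep only ancestors that are less indented than this key.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        path = [k for _, k in stack]
        # Collect keys under display.<id>.display_options.access only.
        if len(path) >= 5 and path[0] == "display" and path[2:4] == ["display_options", "access"]:
            access.setdefault(path[1], {})[path[-1]] = value.strip().strip("'\"")
    return {d: a["perm"] for d, a in access.items()
            if a.get("type") == "perm" and "perm" in a}

def undefined_view_permissions(yaml_text, defined_permissions):
    """Return displays whose access permission is not in the defined set."""
    return {d: p for d, p in view_access_permissions(yaml_text).items()
            if p not in defined_permissions}
```

Running `undefined_view_permissions` over each exported view in a module's config directory lists the displays whose access permission no role can be granted through the permissions page.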
