In Dropbutton, do not show links that the user does not have access to

Created on 6 November 2020, about 4 years ago
Updated 15 January 2024, 12 months ago

Problem/Motivation

When we render a views custom field link in Global: Dropbutton there is no access check, as a result the user is also shown drop button links which the user doesn't have access to.

Steps to reproduce

1. Create a view with a field type "Custom text".
2. Choose "Output this field as a custom link" in "Rewrite results"
3. Enter a link like "/node/add/page"
3. Create a Global:Dropbutton with the above link
4. The link will be shown to users without a permission to create a page node.

Proposed resolution

Check if the viewers have a permission and if not hide the link or the field.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report
Status

Needs work

Version

11.0 🔥

Component
Render 

Last updated about 9 hours ago

Created by

🇩🇪Germany demonde

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024