Incorrect operation in CertificateController::viewAccess results in access denied for users without admin priveleges

Created on 23 February 2022, almost 3 years ago
Updated 1 February 2023, almost 2 years ago

This one is really simple so I'm going to just blitz past all of the normal stuff. A presumable typo in CertificateController::viewAccess exists.

CURRENT CODE:
return $entity->access('view certificate', $this->currentUser, TRUE);

SHOULD BE:
return $entity->access('view', $this->currentUser, TRUE);

Prevents users who don't pass prior lines of admin privilege checking from being able to view certificates they very well likely have permission to view.

๐Ÿ› Bug report
Status

RTBC

Version

3.0

Component

Code

Created by

๐Ÿ‡บ๐Ÿ‡ธUnited States jnicola

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024