Incorrect operation in CertificateController::viewAccess results in access denied for users without admin priveleges

Created on 23 February 2022, over 2 years ago

Updated 1 February 2023, almost 2 years ago

This one is really simple so I'm going to just blitz past all of the normal stuff. A presumable typo in CertificateController::viewAccess exists.

CURRENT CODE:
return $entity->access('view certificate', $this->currentUser, TRUE);

SHOULD BE:
return $entity->access('view', $this->currentUser, TRUE);

Prevents users who don't pass prior lines of admin privilege checking from being able to view certificates they very well likely have permission to view.

🐛 Bug report

Status

RTBC

Version

3.0

Component

Code

Created by

🇺🇸United States jnicola

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇨🇦Canada No Sssweat
No Sssweat → made their first commit to this issue’s fork.
@no-sssweat opened merge request.
Status changed to RTBC almost 2 years ago1:08pm 1 February 2023
Comment almost 2 years ago →
🇨🇦Canada No Sssweat
I concur MR created.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024