Only show link to taxonomy overview when user has access

Created on 14 March 2023, almost 2 years ago
Updated 21 March 2023, almost 2 years ago

Problem/Motivation

A button was added to the taxonomy term creation page to redirect to the vocabulary list after creating a new term.

In this issue we forgot to add a check if a user has access to the overview page.

In general, it is bad practice (for both security and UX) to show links to items a user doesn't have access to.

Steps to reproduce

- create a taxonomy
- create a user with permission to create/edit terms in this taxonomy
- link to the creation form
- click on the "Save and go to list" button
- a 403 access denied is shown

Proposed resolution

Hide the "Save and go to list" link when a user doesn't have access.

Remaining tasks

Add a check to see if the user has the "Access the taxonomy vocabulary overview page" permission.
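
One way to express this check from a custom module, as an added example that is not the patch committed for this issue: instead of testing a single permission, it asks the overview route's own access check, so the button follows whatever rule protects the page. The module name `mymodule` is hypothetical, and the button key `overview` and the route name `entity.taxonomy_vocabulary.overview_form` are assumptions about the core taxonomy module.

```php
<?php

use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;

/**
 * Implements hook_form_BASE_FORM_ID_alter() for taxonomy_term_form.
 *
 * Hides "Save and go to list" when the current user may not open the
 * vocabulary overview page that the button redirects to.
 */
function mymodule_form_taxonomy_term_form_alter(array &$form, FormStateInterface $form_state, $form_id) {
  // Assumption: the button lives at $form['actions']['overview'].
  if (!isset($form['actions']['overview'])) {
    return;
  }

  // The term being created or edited; its bundle is the vocabulary ID.
  $term = $form_state->getFormObject()->getEntity();

  // Assumption: route name of the vocabulary overview page.
  $overview = Url::fromRoute('entity.taxonomy_vocabulary.overview_form', [
    'taxonomy_vocabulary' => $term->bundle(),
  ]);

  // Ask the routing system for a full access result instead of a bare
  // boolean, so cache contexts and tags from the check are kept.
  $access = $overview->access(\Drupal::currentUser(), TRUE);

  // An element with '#access' => FALSE is not rendered, and the Form API
  // does not treat it as the triggering element on submit.
  $form['actions']['overview']['#access'] = $access->isAllowed();

  // Vary the rendered form by whatever the access decision depended on
  // (for example the user's permissions).
  CacheableMetadata::createFromRenderArray($form)
    ->addCacheableDependency($access)
    ->applyTo($form);
}
```

Hiding the button is a usability measure only; the overview route must keep enforcing its own access check, which is what produces the 403 in the steps above.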

User interface changes

In some cases the "Save and go to list" link will be hidden.

API changes

-

Data model changes

-

Release notes snippet

🐛 Bug report
Status

Fixed

Version

9.5

Component
Taxonomy 


  • Maintained by
  • 🇺🇸United States @xjm
  • 🇬🇧United Kingdom @catch
Created by

🇧🇪Belgium mpp

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

  • Usability

    Makes Drupal easier to use. Preferred over UX, D7UX, etc.
