Route always inaccessible if it has a permission requirement using OR ('+')

Created on 21 June 2023, about 1 year ago

Updated 19 July 2023, 12 months ago

Problem/Motivation

If a route has a permission requirement using OR ('+'), our altering of the requirement breaks it, making the route inaccessible to all. An example route is entity.taxonomy_vocabulary.collection with access taxonomy overview+administer taxonomy as permission requirement.

The reason is that OR ('+') and AND (',') separators cannot be used at the same time (see Drupal\user\Access\PermissionAccessCheck::access).

Proposed resolution

Since this kind of requirement cannot be expressed using a simple _permission string, we should replace it with a custom access check.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇧🇪Belgium DieterHolvoet Brussels

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @DieterHolvoet
@dieterholvoet opened merge request.
Comment 12 months ago →
System Message

DieterHolvoet → committed ccf19cd5 on 1.0.x
Issue #3368193 by DieterHolvoet: Route always inaccessible if it has a...
Status changed to Fixed 12 months ago2:15pm 19 July 2023
Comment 12 months ago →
🇧🇪Belgium DieterHolvoet Brussels
Comment 11 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024