Route always inaccessible if it has a permission requirement using OR ('+')

Created on 21 June 2023, almost 2 years ago

Updated 19 July 2023, almost 2 years ago

Problem/Motivation

If a route has a permission requirement using OR ('+'), our altering of the requirement breaks it, making the route inaccessible to all. An example route is entity.taxonomy_vocabulary.collection with access taxonomy overview+administer taxonomy as permission requirement.

The reason is that OR ('+') and AND (',') separators cannot be used at the same time (see Drupal\user\Access\PermissionAccessCheck::access).

Proposed resolution

Since this kind of requirement cannot be expressed using a simple _permission string, we should replace it with a custom access check.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇧🇪Belgium dieterholvoet Brussels

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @dieterholvoet
@dieterholvoet opened merge request.
Comment almost 2 years ago →
System Message

DieterHolvoet → committed ccf19cd5 on 1.0.x
Issue #3368193 by DieterHolvoet: Route always inaccessible if it has a...
Status changed to Fixed almost 2 years ago2:15pm 19 July 2023
Comment almost 2 years ago →
🇧🇪Belgium dieterholvoet Brussels
Comment almost 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024