Contrib.social

Granular permissions are not working as expected.

Open on Drupal.org β†’
Created on 12 July 2023, almost 2 years ago
Updated 28 August 2023, over 1 year ago

Problem/Motivation

A certain role should just see the links it has permissions for, but I can either give it access to all or none of the links.

Steps to reproduce

1. Installed environment indicator on a fresh d10.1.1
2. Create user with a certain role, let's say editor
3. Created three environments local, dev and live via admin/config/development/environment-indicator/switcher
4. Added local as environment in setting.local.php like described in the readme on local environment
5a. Set permission for editor to see, let's say local and dev

No environment switcher is shown

5b. Set permission "access environment indicator" like stated on /admin/config/development/environment-indicator

Environment switcher with all links is shown.

Am I missing something?

Proposed resolution

5a should show the switcher with links according to permissions.

πŸ’¬ Support request
Status

Active

Version

4.0

Component

Code

Created by

πŸ‡©πŸ‡ͺGermany uniquename Berlin

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @uniquename
  • Comment almost 2 years ago β†’
    πŸ‡ΊπŸ‡ΈUnited States timwood Rockville, Maryland

    We encountered this issue as well trying to limit the ability of lower level roles to see lower level environments other than prod, while still allowing them to see the color indicator for prod.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States devkinetic

    I'm working on a refactor that does away with the config overrides in settings.php, as the information is already in the config entities. Along with that is a refactoring of the permissions. There was a bug when the active environment could be blank. I took a long look at the permissions and they will be configured as follows:

    - If a user "has access environment indicator" they can see everything.
    - If a user does not have that permission, you mush opt the role into each environment via each respective permission.

    When a user visits an environment in their browser, they must have permission to access the indicator for that particular environment, otherwise nothing will show.

    @timwood I don't really understand your use case.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States timwood Rockville, Maryland

    @devkinetic Thanks for working on this!

    Our use case is for non-admin users to see the admin toolbar with environment indicator color but NOT the switcher.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States devkinetic

    Gotcha. The javascript (which is where the colors and favicon come from) is only included if you have access to the environment. That is a different issue than the issue description.

    I'm pretty sure the issue here is the bug I found. It all centers around determining the currently active environment. There is no connection between the config overrides and the EnvironmentIndicator entities.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States justcaldwell Austin, Texas

    Just wanted to add our use case to @timwood's.

    Our switcher is currently configured for 4 environments: Dev, Test, Prod and a link to the public site (which is served from a different host than our production host).

    We want non-admin contributors to see the color and the switcher for only Prod and the public site.

    Thanks!

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States devkinetic

    I think a core feature was overlooked in the conversion. The initial permission, "access environment indicator" should solely drive the toolbar in the basic version, or the tab when using the toolbar. Having access to environments should only be taken into account building the selector or determining more advanced per-environment settings.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024