Multiple Role checking not working

Created on 13 September 2023, over 1 year ago
Updated 15 September 2023, over 1 year ago

Problem/Motivation

Tried to add /userpanel/*/edit as a path exclusion but it does not seem to take wildcards.

I really do not want to add the entire "Authenticated" role to the exclusion roles since there are other parts of the website where I would prefer cleantalk to still run, however, since I cannot find another way to add /userpanel/*/edit to the exclusion list, I was forced into adding the Authenticated role to the bypass (Roles checking). So now I have Administrator and Authenticated user as excluded roles. I have the "Tell others about CleanTalk" option checked to see where cleantalk is enabled. When logged in as administrator, it correctly bypasses cleantalk. However, when logged in as Authenticated user, the Edit User page is still showing cleantalk.

This means there must be a bug somewhere when Authenticated user is selected or when multiple roles are selected as a bypass.

Is this a bug?

I currently have these 3 path exclusions:
/userpanel/password,/userpanel/login,/userpanel/reset/,
Is there a way to add /userpanel/*/edit as a wildcard exclusion path?

If these 4 paths were included as regular expressions, how would that look? Does regular expressions take wildcards? I am not knowledgeable in RegEx.

Thank you.

πŸ› Bug report
Status

Active

Version

9.2

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States jsidigital

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @jsidigital
  • πŸ‡·πŸ‡ΊRussia znaeff

    Hello,

    Thank you for your request.

    Our developers will check this. We will contact you within 1-3 business days.

  • πŸ‡·πŸ‡ΊRussia znaeff

    Hello,
    Thank you for waiting.

    Tried to add /userpanel/*/edit as a path exclusion but it does not seem to take wildcards.

    We've fixed this issue. The patch is attached.

    I currently have these 3 path exclusions:
    /userpanel/password,/userpanel/login,/userpanel/reset/,
    Is there a way to add /userpanel/*/edit as a wildcard exclusion path?
    If these 4 paths were included as regular expressions, how would that look? Does regular expressions take wildcards? I am not knowledgeable in RegEx.

    You can use /userpanel/* to exclude all pages that have "userpanel" in the URL.

    So now I have Administrator and Authenticated user as excluded roles. I have the "Tell others about CleanTalk" option checked to see where cleantalk is enabled. When logged in as administrator, it correctly bypasses cleantalk. However, when logged in as Authenticated user, the Edit User page is still showing cleantalk.
    This means there must be a bug somewhere when Authenticated user is selected or when multiple roles are selected as a bypass.
    Is this a bug?

    No, that's how the option works.

    Did it help you?

  • πŸ‡ΊπŸ‡ΈUnited States jsidigital

    Thank you for the reply.

    However, I cannot use /userpanel/* as a wildcard because I need the registration form to keep cleantalk.
    Using /userpanel/* would remove cleantalk from all user related pages, including the registration form.
    I need cleantalk on the registration page.

    So am I able to use /userpanel/*/edit as a wildcard or does it have to be as you suggest?

    Or can I add /userpanel/* as an exclusion but have an option to whitelist pages? This way I can exclude all /userpanel/* paths except /userpanel/register which would be whitelisted/included.

    NOTE:
    Drupal by default uses /user/, but I am using the Rename Admin Paths module and use /userpanel/ as my user paths there.

  • πŸ‡ΊπŸ‡ΈUnited States serge-m

    Thank you for your questions.
    I added them to the task. Please, wait for our answers up to 3 business days.

  • πŸ‡ΊπŸ‡ΈUnited States serge-m

    Hello.

    This wildcard should fix the issue:
    /userpanel/.+/edit

    Also, we will not implement exclusions inside of exclusions as you asked in the second part of you post.

    Did it help you?

Production build 0.71.5 2024