- Issue created by @code-brighton
- last update
about 1 year ago 2 pass - @code-brighton opened merge request.
- π¬π§United Kingdom code-brighton
Created an allowed list of IPs in the config settings at /admin/config/system/perimeter. Patch (from merge request) attached.
- last update
about 1 year ago 2 pass - π¬π§United Kingdom code-brighton
I didn't want to give 'administer site configuration' permissions to the user role that needs to administer the allowed IPs list so I created a new route for just the Allowed IPs list config with a new permission 'administer perimeter defence allowed ips'
Patch created from merge request attached. - πΈπͺSweden alayham
This is good work, however the solution in https://www.drupal.org/project/perimeter/issues/3363678 β¨ Add allowed IP configuration to prevent banning certain IP's Needs review is simpler and easier to maintain because it does not introduce any new forms, permissions or menus.
I suggest closing this ticket as a duplicate of https://www.drupal.org/project/perimeter/issues/3363678 β¨ Add allowed IP configuration to prevent banning certain IP's Needs review - π¬π§United Kingdom code-brighton
@alayham I understand your reasoning here, I see the other branch is a more straightforward solution, but due to my requirements that I don't want to give the wide ranging 'administer site configuration' permissions to the user role that needs to administer the allowed IPs OR even give them the administration rights to setting the "Ban URL patterns" if that became a separate permission for this module. So I will stick to this branch for my use-case for now.
- last update
about 1 year ago 2 pass - last update
about 1 year ago 2 pass - last update
about 1 year ago 2 pass - last update
about 1 year ago 2 pass - π¬π§United Kingdom code-brighton
Allow IP ranges to be entered in the allow list e.g. 127.0.0.1>127.0.55.255
- Status changed to Closed: duplicate
11 months ago 1:10pm 9 January 2024 - π©πͺGermany Grevil
I don't want to give the wide-ranging 'administer site configuration' permissions to the user role that needs to administer the allowed IPs
I can see that, but wouldn't it make more sense to simply change the access permission for "perimeter.settings", to a new module specific permission, like 'access perimeter settings'?
[...] even give them the administration rights to setting the "Ban URL patterns" if that became a separate permission for this module
I see! So you would like a user to be able to whitelist ips, but not be able to ban url patterns. Understandable! But I still think creating an entirely new form isn't the way to go. Instead, I suggest we create 2 new permissions (something along the lines of "access ban patterns" and "access whitelist") and conditionally render the form elements on the settings page if the user has the right permission. With a custom access checking controller, so they can access the route if the user has one of the new permissions.
This way we do not create a second Form and have a more straight forward solution with the same access requirements of this issue's solution.
I'll close this issue in favour of β¨ Add allowed IP configuration to prevent banning certain IP's Needs review , but credit @code-brighton there. And adjust the code accordingly with ideas of this issue. Thanks!