- Issue created by @thatguy
- 🇫🇮Finland Alexander Tallqvist
I'm planning to work on this the upcoming Friday at Siili Solutions Drupal-contrib day.
- Merge request !60Created new permissions for bulk updating and deleting aliases → (Merged) created by Alexander Tallqvist
- last update
about 1 year ago 48 pass - Status changed to Needs review
about 1 year ago 1:00pm 10 November 2023 - 🇫🇮Finland Alexander Tallqvist
I added a new merge request which can be tested. The merge request adds two new permissions to the module. The permission
bulk update aliases
is needed when accessing thepathauto.bulk.update.form
route, and the permissionbulk delete aliases
when accessing thepathauto.admin.delete
route. The tests and the description for theadminister pathauto
permission have also been updated to reflect the changes. - last update
about 1 year ago 48 pass - 🇫🇮Finland Alexander Tallqvist
I discussed the implemented changes with a colleague and ended up modifying the merge request a bit. The route
pathauto.bulk.update.form
now required either theadminister pathauto
OR thebulk update aliases
permission, and the routepathauto.admin.delete
route requires either theadminister pathauto
OR thebulk delete aliases
permission. This is because theadminister pathauto
permission indicates that a users should have access to everything pathauto related. The description for theadminister pathauto
permission has also been updated to reflect these changes. - Status changed to RTBC
about 1 year ago 2:16pm 10 November 2023 - 🇫🇮Finland tormu
Tested with the usual case in mind, being "I want to give my client the ability to create new path aliases but not give them anything related to pathauto, including bulk delete stuff"
Given the permissions as per attachment, the user with Content editor role now only sees the alias addition functionality in /admin/config/search/path - the "Bulk generate" and "Delete aliases" tabs are no longer there.
So works as I was hoping it to."Administer pathauto" or correct one of the new two permissions is now required to access those aforementioned two tabs.
PS. Only tested the functionality from Drupal UI using DrupalPod, did not review code.
- First commit to issue fork.
-
Berdir →
committed 40589be7 on 8.x-1.x authored by
Alexander Tallqvist →
Issue #3395164 by Alexander Tallqvist, tormu, thatguy: Permissions for...
-
Berdir →
committed 40589be7 on 8.x-1.x authored by
Alexander Tallqvist →
- Status changed to Fixed
5 months ago 10:14am 1 August 2024 - 🇨🇭Switzerland berdir Switzerland
Yeah, edge case. This will result in sites no longer having access to those pages, and I'm not sure if we should have an update function to ensure that things work as before, but I also agree that this doesn't match the documentation and is somewhat unintended.
It's a nice change that makes it easier to give non-admin users access to administer url aliases without the more complex and bulk create and delete sections, so lets go with it, will put something in the release notes that nobody will ready ;)
Automatically closed - issue fixed for 2 weeks with no activity.