- Issue created by @flemming.fridthjof
- 🇬🇧United Kingdom jonathan1055
Hi flemming.fridthjof,
Thanks for reporting this. I noticed on another issue (on a different module) that the permissions checking for admin urls has been tightened between Core 10.1 and 10.2 so this is probably related.I will try to replicate the problem locally. Also it would be good to expand our test coverage so that this is checked, as the tests all pass currently, even on 10.2.
- 🇬🇧United Kingdom jonathan1055
I have tested this thoroughly and problem you are getting is actually due to changes between Core 10.1 and 10.2, it is not a Scheduler bug.
Here is the scenario which I think replicates what you had before, in Core 10.1
- Create a user with a role that has the admin permission 'access taxonomy overview'.
- The url admin/structure/taxonomy/ is OK and can be accessed. But admin/structure/ and admin/ are both denied
- Add the permission 'Access administration pages and help'. This gives acces to both admin/structure/ and admin/
But in core 10.2 it is slightly different
- Create a user with a role that has the admin permission 'access taxonomy overview'.
- The url admin/structure/taxonomy/ is OK and can be accessed. But admin/structure/ and admin/ are both denied
- Add the permission 'access administration pages'. This give acces to admin/structure/ and it needs another permissions in the structure group, such as 'administer blocks' or 'administer menus'. Permissions such as 'administer views' also does not give admin/structure/ even though the link to admin views does appear there.
- There does not appear to be any permission which gives access to /admin (is that only for user id 1?)
I hope this explains your situation. I have not managed to find out the actual core issues which made these changes between 10.1 and 10.2. It would be useful to have that info.
- 🇬🇧United Kingdom jonathan1055
The results for Core 10.2 above were using a development site with an out-of-date 10.2 branch, dated 21 November. I have now switched to an updated core 10.2 and the result is different. The permission 'Use administration pages' enough to get access to
admin/structure
and the top-leveladmin
. - Status changed to Closed: duplicate
11 months ago 6:41pm 11 January 2024 - 🇧🇪Belgium jelle_s Antwerp, Belgium
For anyone experiencing this issue: the patch/merge request over at 🐛 Admin page access denied even when access is given to child items RTBC should fix it for you.