Contrib.social

Permissions issue

Open on Drupal.org →
Created on 4 January 2024, 11 months ago
Updated 9 January 2024, 11 months ago

Problem/Motivation

If a user does not have "Use CKEditor5 Embedded content" as permission, the button still shows up in the CKEditor. This causes a console error when clicked and uncertainty for the editor.

Steps to reproduce

  1. Install the module
  2. Configure embedded content in the CKEditor 5
  3. Create a user role without "Use CKEditor5 Embedded content" permission
  4. Click the button in the editor (as a user with the new role)

Proposed resolution

Integration of the permission in CKEditor

🐛 Bug report
Status

Active

Version

1.0

Component

Code

Created by

🇧🇪Belgium stefvanlooveren

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @stefvanlooveren
  • Comment 11 months ago
    🇪🇸Spain nuez Madrid, Spain

    Thanks for the issue.

    I am not sure what the best approach would be:

    1. Show the button but instead of rendering the plugin configuration form show an 'access denied message'?
    2. Not show the button at all
    3. Should we have a seperate permission in the first place? In the end adding the button to the filter, which has it's own permission, should be good enough? I suggest removing the permission in the version 2 altogether.

    What do you think?

  • Comment 11 months ago
    🇧🇪Belgium stefvanlooveren

    I'd say it is better to keep the permission and not show button if no permission.
    + with permissions, you can limit access to certain controllers or settings (if needed). This way it is future-proof.

    That being said, show button but show access denied message will enhance communication between clients and developers. Instead of finding out later, they quickly see what the problem is. Your decision to take :D

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024