- Issue created by @andrew robinson
- π¬π§United Kingdom andrew robinson
IF the above assertion is correct then the attached patch should resolve the issue.
- π¬π§United Kingdom andrew robinson
Further to the above:
I want to be able to give a particular role the ability to Create and Delete Mercury Editor Templates but not the ability to administer them.
At the moment this isn't possible.If I grant the "administer mercury editor template" permission then the user can see the "Mercury Editor Templates" link on the admin/content page, but they are also able to access the settings page within the Structure menu.
If I do not grant the "administer mercury editor templates" permission then the user can not see the "Mercury Editor Templates" link on the admin/content page - even though they do have the "create mercury editor template" permission. - First commit to issue fork.
- Merge request !40Issue #3421389 by Andrew Robinson: Possible incorrect permission in Mercury Editor Templates β (Merged) created by justin2pin
- Status changed to Needs review
10 months ago 6:01pm 16 February 2024 - πΊπΈUnited States justin2pin
Thanks for this! MR!40 introduces a few changes that should cover the use cases described in #3.
- The "administer mercury editor template" permission if for administering the entity settings.
- A new permission, "access mercury editor template overview", is for accessing the admin/content/me-template overview page.
- Another new permission, "use mercury editor templates", is for using templates in the Mercury Editor authoring experience.
@Andrew Robinson let me know if this all makes sense and if you have additional thoughts / feedback!
- π¬π§United Kingdom andrew robinson
Thank you!
I approve of these new more granular permissions. I've tested and on the whole they're working as expected.
However there is one bug still that occurs unless I misunderstand your intentions with the permissions!Scenario:
Role A is someone who creates ME templates.
Role B may not create ME templates but they are allowed to browse existing ones and they are allowed to insert them into new pages that they create.Question: What permissions would you expect to grant to Role B?
My expectation (that may be wrong!) is that they should have:- - Access the Mercury Editor template overview page (to browse existing templates)
- - Use Mercury Editor templates
- - View Mercury Editor template
When I give a user with role B these permissions they are able to see the list of ME templates. When they create a page they can see ME templates in the list of components to add to the page. However when they select one to add a console error is generated and the template fails to be inserted.
The console error is
POST https://my.lndo.site/mercury-editor-templates/ad19f4d251a69b4c0466f385d5d35d29/insert/1?_wrapper_format=drupal_dialog&_wrapper_format=drupal_ajax 403 (Forbidden)I can circumvent this error by granting Role B the "Create Mercury Editor template" permission, but I don't think this is what you intended.
-
justin2pin β
committed cc7af2f4 on 2.1.x
Issue #3421389 by justin2pin, Andrew Robinson: Possible incorrect...
-
justin2pin β
committed cc7af2f4 on 2.1.x
- Status changed to Fixed
6 months ago 2:30pm 20 June 2024 - πΊπΈUnited States justin2pin
Finally getting back to this one. I pushed a simple permissions change that fixes the problem outlined in #7. Merging / marking as fixed -- feel free to reopen if you experience other issues!
Automatically closed - issue fixed for 2 weeks with no activity.