Contrib.social

Permission "Manage menus Create, update and delete menus" not working

Open on Drupal.org →
Created on 9 August 2024, 6 months ago

Problem/Motivation

I found a problem with the permission "Manage menus Create, update and delete menus" inside a group permissions. Due to this much more users can add menu even though they should not be allowed to.

Steps to reproduce

I have set the permissions so only admin (group internal and external) can create a new menu inside a group ("Add new menu"). But instead every group member with "Manage menu items" permission is able to add new menus to a group.

At least group_content_menu 3.0.2 and 3.0.3 seem to have this issue.

Proposed resolution

Check for correct permission in GroupContentMenuRouteProvider.php. I've included a patch.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Active

Version

3.0

Component

Code

Created by

🇩🇪Germany tinytina

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @tinytina
  • Comment 6 months ago
    🇩🇪Germany tinytina
  • Comment 8 days ago
    🇦🇹Austria mvonfrie

    I have the same problem with 3.0.5. My customer wants to have exactly one group menu per group and only admins should be allowed to create/delete groups and their related menus, but group members with specific group roles (group admin, group content manager) should be able to create/edit/delete group menu items.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024