Remove automatic administrator bypass for role-based menu item access control

Open on Drupal.org →

Created on 2 September 2024, 26 days ago

Updated 3 September 2024, 26 days ago

Problem/Motivation

This task is specific to my project needs, where I require the removal of the automatic administrator bypass for role-based menu item access control in the menu_item_role_access module. In my project, administrators should adhere to the same role-based restrictions as other users to enforce specific access control policies.

Steps to reproduce

Install and enable the menu_item_role_access module.
Assign a menu item with restricted access to specific roles, excluding the administrator role.
Log in as an administrator.
Notice that the administrator can still see the restricted menu item, bypassing the role-based access control.

Proposed resolution

The proposed resolution is to remove the check that automatically allows administrators to bypass role-based restrictions. This change is necessary to ensure that role-based menu item access controls are consistently applied to all users in this specific project.

Remaining tasks

Remove the administrator bypass check from the menuLinkCheckAccess method.
Create a patch for the module with this change.
Test the patch to ensure it does not introduce any regressions and that it correctly restricts menu access for administrators based on roles.
Apply the patch in the project’s environment.

User interface changes

None.

API changes

None.

Data model changes

None.

📌 Task

Status

Closed: won't fix

Version

2.0

Component

Code

Created by

🇨🇷Costa Rica thony1199

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @thony1199

Comment 26 days ago →

🇨🇷Costa Rica thony1199

I removed this:

 if ($this->account->hasPermission('link to any page')) { 
   return $access_result->cachePerPermissions();
 }

This solves my problem.

Status changed to Downport 26 days ago9:52pm 2 September 2024
Comment 26 days ago →
🇨🇷Costa Rica thony1199
Comment 26 days ago →
🇨🇷Costa Rica thony1199
Adjustments based on personal requirements.
Comment 26 days ago →
🇨🇷Costa Rica thony1199
My previous patch didn't work properly for me, so I've fixed it again.
Comment 26 days ago →
🇨🇷Costa Rica thony1199
My previous patch didn't work properly for me, so I've fixed it again.
Comment 26 days ago →
🇨🇷Costa Rica thony1199
Comment 26 days ago →
🇨🇷Costa Rica thony1199
I've reworked the module a bit more, instead of selecting the roles in which I want it to be displayed, we now select the modules in which I don't want the menu item to be displayed.

This is due to an internal objective.
Status changed to Closed: won't fix 26 days ago1:57am 3 September 2024
Comment 26 days ago →
🇨🇷Costa Rica thony1199

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024