Lack of permission to set who can assign roles to menu links

Created on 24 September 2024, 6 months ago

Problem/Motivation

The Menu Per Role module currently lacks the necessary granularity to control who can assign roles for menu item visibility. The module provides a general permission (administer menu_per_role), which allows access to the configuration of the module but does not distinguish between users who should only manage the settings and those who should have the ability to assign visibility roles to menu links.

Additionally, the naming and description of the administer menu_per_role permission are misleading. This permission implies general module administration, but its real function is more limited. It needs to be renamed and clarified to reflect its actual usage.

Steps to reproduce

  1. Install the Menu Per Role module on a Drupal 10.x site.
  2. Assign the administer menu_per_role permission to a user role.
  3. Edit a menu item and observe that there is no specific permission to control who can assign roles to determine the visibility of the menu link.
  4. Any user with the administer menu_per_role permission can both access the module settings and assign visibility roles to menu links, without separate permissions to control these actions.

Proposed resolution

  1. Rename and clarify the existing permission:
    • Change the name of administer menu_per_role to administer menu_per_role settings.
    • Update the title and description of the permission to reflect that it is specifically for accessing the module’s settings.
    • Proposed new title and description:
      • Name: administer menu_per_role settings
      • Title: "Administer Menu Per Role settings"
      • Description: "Permission to configure Menu Per Role settings."
  2. Create a new permission to control role assignments for menu item visibility:
    • Name: assign menu role visibility
    • Title: "Assign roles for menu link visibility"
    • Description: "Allows users to assign which roles can view specific menu links."
  3. Modify the module’s form logic (in menu_per_role_form_menu_link_content_form_alter) to check for the new assign menu role visibility permission. Only users with this permission should be able to assign visibility roles to menu links, while the general module settings should remain restricted to users with administer menu_per_role settings.

With this proposed change, the module will provide better control over who can manage its settings and who can assign role-based visibility to menu items.
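
A sketch of the three proposed changes together, as an added example that is not the module's own code and not part of the original issue. The form element keys and the update hook number are placeholder assumptions, and the update hook is an extra step that carries existing grants over when the permission is renamed.

```php
<?php
// Added example, not the module's own code.
// Proposed entries for menu_per_role.permissions.yml, as named in this issue:
//   administer menu_per_role settings:
//     title: 'Administer Menu Per Role settings'
//     description: 'Permission to configure Menu Per Role settings.'
//   assign menu role visibility:
//     title: 'Assign roles for menu link visibility'
//     description: 'Allows users to assign which roles can view specific menu links.'

use Drupal\Core\Form\FormStateInterface;
use Drupal\user\Entity\Role;

/**
 * Implements hook_form_BASE_FORM_ID_alter() for menu_link_content_form.
 */
function menu_per_role_form_menu_link_content_form_alter(array &$form, FormStateInterface $form_state, $form_id) {
  $can_assign = \Drupal::currentUser()->hasPermission('assign menu role visibility');
  // Assumption: placeholder keys for the elements holding the role selections.
  foreach (['menu_per_role__show_role', 'menu_per_role__hide_role'] as $key) {
    if (isset($form[$key])) {
      // With #access FALSE the element is not rendered and Form API does not
      // process submitted input for it, so the check also holds server-side.
      $form[$key]['#access'] = $can_assign;
    }
  }
}

/**
 * Hypothetical update hook (.install file; the number is a placeholder).
 *
 * Moves grants of the old permission to both new ones so existing roles keep
 * their current abilities; site builders can then revoke either one.
 */
function menu_per_role_update_10001() {
  foreach (Role::loadMultiple() as $role) {
    if ($role->hasPermission('administer menu_per_role')) {
      $role->revokePermission('administer menu_per_role');
      $role->grantPermission('administer menu_per_role settings');
      $role->grantPermission('assign menu role visibility');
      $role->save();
    }
  }
}
```

The settings route would also need its permission requirement changed to administer menu_per_role settings so that the two capabilities are actually separated.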

Feature request
Status

Active

Version

1.8

Component

Code

Created by

🇪🇸Spain einarulfhednar
