Contrib.social

Add dedicated permission for tools

Open on Drupal.org →
Created on 20 November 2024, about 1 month ago

Problem/Motivation

Currently all the tools use the generic permission check 'administer site configuration'.
However, this is a pretty broad permission, which does not allow for fine grained access control.
For example we would consider giving this permission to clients, but would not want the extra tools provided by this module to be accessible by the same clients.

Proposed resolution

Provide a module-specific permission to access tools.

Remaining tasks

- Add a module-specific permission
- Provide upgrade path

Feature request
Status

Active

Version

1.0

Component

Code

Created by

🇧🇪Belgium svendecabooter Gent

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @svendecabooter
  • Merge request !17Resolve #3488541 "Add dedicated permission" → (Open) created by svendecabooter
  • Comment about 1 month ago
    🇧🇪Belgium svendecabooter Gent

    Created MR to add this functionality.
    Attached is a patch file for composer based patching workflow.

  • Pipeline finished with Success
    about 1 month ago
    Total: 212s
    #344332
  • Comment about 1 month ago
    🇧🇪Belgium svendecabooter Gent

    Updated patch file.

  • Pipeline finished with Success
    about 1 month ago
    Total: 179s
    #344334
  • Comment about 1 month ago
    🇮🇪Ireland lostcarpark

    Thanks for working on this. It looks great. I just wonder should we be making the permissions more granular, so that users could be given access to some functions but not all?

  • Pipeline finished with Success
    19 days ago
    Total: 259s
    #357456
  • Comment 19 days ago
    🇧🇪Belgium svendecabooter Gent

    I have updated the MR with split permissions.
    Through permissions you can now decide whether to give a user access to:
    - clear caches
    - run cron
    - run updates (no extra permission added for this, since it is managed by core routing)

    I don't think individual cache flush actions don't need their own specific permissions?

    I have also added a specific `/admin/tools` route that just lists the children menu items. This is so the "Tools" heading in the navigation bar points to that page, instead of the frontpage. This also avoids the "Tools" menu being shown in the navigation toolbar, when a user does not have any of the new permissions assigned to them.

    Attached also a .patch version of the full MR, for composer patch workflows.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024