RoleDelegationRemoveRoleUser and RoleDelegationAddRoleUser access() method does not honor $return_as_object parameter

Created on 10 December 2024, 5 months ago

Problem/Motivation

RoleDelegationRemoveRoleUser and RoleDelegationAddRoleUser plugins override the patrent's access() method to allow to assign roles to users who do not have the administer users permission.

However, the code inside the method, assumes that $return_as_object parameter is always a boolean, hence giving false Access Denied errors to users with the permission mentioned above.

Steps to reproduce

Enable Role Delegation module
Create a View with VBO actions to add or remove roles from selected users
Run the view with a user with Administer Users permission, but not Role Delegation specific permissions
The VBO is returning an unexpected Access Denied error

Proposed resolution

Fix code to honor the $return_as_object parameter.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

1.0

Component

Code

Created by

🇪🇸Spain plopesc Valladolid

Live updates comments and jobs are added and updated live.

Merge Requests

!21RoleDelegationRemoveRoleUser and RoleDelegationAddRoleUser access() method does not honor $return_as_object parameter
Open
🇪🇸Spain plopesc
updated 4 months ago

Comments & Activities

Issue created by @plopesc
Merge request !21Issue #3492926: RoleDelegationRemoveRoleUser and RoleDelegationAddRoleUser... → (Open) created by plopesc
Pipeline finished with Failed
5 months ago
Total: 158s
#364465
Comment 5 months ago →
🇪🇸Spain plopesc Valladolid
Pipeline finished with Canceled
4 months ago
Total: 152s
#366298
Pipeline finished with Failed
4 months ago
Total: 219s
#366302
Comment 4 months ago →
🇺🇸United States mikohl
RTBC
Comment 4 months ago →
🇺🇸United States drupgirl
+1 RTBC
Comment 3 months ago →
🇺🇸United States avattikonda Boston
Code changes look good to me. Tested on fresh Drupal 10.4.1 installation.
Status changed to RTBC 2 months ago6:28am 24 February 2025
Comment 2 months ago →
🇲🇾Malaysia muaz91 MY
+1 RTBC

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024