Authenticated users get access denied

Created on 20 December 2024, 4 months ago

Problem/Motivation

Opening this as critical because it's extremely user-facing.

Steps to reproduce

As an admin user, create a new user account, don't assign any roles.

As the new user, log in.

After login, you get redirected to the dashboard, but you don't have access to it, so access denied.

Proposed resolution

Either give authenticated users dashboard access with a minimum selection of blocks, or redirect them to somewhere else?

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

πŸ› Bug report
Status

Active

Component

Base Recipe

Created by

🇬🇧United Kingdom catch


Merge Requests

Comments & Activities

  • Issue created by @catch
  • 🇺🇸United States phenaproxima Massachusetts

    I agree that this is both critical and stable-blocking.

  • 🇺🇸United States phenaproxima Massachusetts

    And it'll need test coverage.

  • 🇬🇧United Kingdom catch
  • 🇩🇪Germany jurgenhaas Gottmadingen

    Giving authenticated users access to the dashboard might be an issue as this is an admin page, uses the admin theme, and not every authenticated user may have access to the admin theme. As a result, the dashboard may look awkward.

    We discussed more fine-grained redirects depending upon role and/or permission before. But the dashboard module has the redirect hard-coded, and we can't make any changes, unless they agree to either remove that redirect or make it optional so that we could come up with smart redirects by turning the fixed redirect off.

  • 🇦🇺Australia pameeela

    I agree this needs to be fixed in Dashboard; it will be a problem on all sites, not just Drupal CMS.

  • 🇬🇧United Kingdom catch

    Let's move this to Dashboard; it should hopefully just be a permissions check before changing the redirect. Then we can see how that affects Drupal CMS specifically and whether auth users need a custom redirect or not.

  • 🇦🇺Australia pameeela

    I created an issue in Dashboard already, should have commented.

  • 🇪🇸Spain plopesc Valladolid

    Did some research, and the issue is not related to the redirect itself, but to the fact that the dashboard module requires the 'access administration pages' permission globally to access any dashboard.

    Given that 'access administration pages' permission is set at route level, it is not checked when checking dashboard entity access.

    At this point we need to decide whether we want to remove the 'access administration pages' permission for dashboards, or maintain the permission, but include it at entity level instead of route level.
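    To illustrate the distinction plopesc draws between a permission enforced on the route and one enforced in entity access, here is an added PHP example. It is not the Dashboard module's own code: the entity type id `example_dashboard`, the class name, the route names and the permission string are assumptions. The point it shows is that a route-level `_permission` requirement is only consulted when the route is matched, so any other code that asks "may this account view this dashboard?" (for example, code deciding where to send a user after login) gets no answer from it; moving the check into the entity access handler makes both paths agree.

```php
<?php

/**
 * Illustrative access control handler, not the Dashboard module's own code.
 *
 * Route-level variant (assumed routing.yml): only holders of the global
 * permission reach the controller, but entity access knows nothing about it,
 * so a login redirect that checks entity access would still send a roleless
 * user here and they would get access denied.
 *
 *   example_dashboard.view:
 *     path: '/admin/dashboard/{example_dashboard}'
 *     requirements:
 *       _permission: 'access administration pages'
 *
 * Entity-level variant (assumed routing.yml): the route delegates to the
 * handler below, so the same rule applies wherever entity access is asked.
 *
 *   example_dashboard.view:
 *     path: '/admin/dashboard/{example_dashboard}'
 *     requirements:
 *       _entity_access: 'example_dashboard.view'
 */

namespace Drupal\example_dashboard;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Hypothetical access handler for an 'example_dashboard' entity type.
 */
class ExampleDashboardAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    if ($operation === 'view') {
      // This is the thread's second alternative: keep requiring a permission,
      // but enforce it on the entity so it cannot be bypassed or ignored by
      // code that consults entity access outside the route. Which permission
      // to require is exactly the decision under discussion; the string below
      // is a placeholder for it.
      $permission = 'view example dashboards';
      // allowedIfHasPermission() already adds the 'user.permissions' cache
      // context; the entity is added as a dependency so the result is
      // invalidated when the dashboard changes.
      return AccessResult::allowedIfHasPermission($account, $permission)
        ->addCacheableDependency($entity);
    }
    // Other operations fall through to the parent, which returns neutral here;
    // the handler's access() method still grants the entity type's admin
    // permission before checkAccess() is reached.
    return parent::checkAccess($entity, $operation, $account);
  }

}
```

    With the entity-level variant, `$dashboard->access('view', $account)` returns the same verdict the route enforces, which is what a redirect-after-login check needs in order to avoid sending a user to a page they cannot see.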

  • 🇪🇸Spain plopesc Valladolid
  • 🇪🇸Spain plopesc Valladolid

    It seems more logical to not require the access administration pages permission to access dashboards.
    Created MR for that approach to gain some time.

    However, I would like to get input from other Dashboard folks before signing off the technical decision.

  • 🇪🇸Spain penyaskito Seville 💃, Spain 🇪🇸, UTC+2 🇪🇺

    It seems more logical to not require the access administration pages permission to access dashboards.

    I agree with this. I could see the use case of showing dashboards with the frontend theme as node edit does, eventually by using a setting.

    With this patch, if I don't have access to the admin theme, the frontend theme is used.

    I would be concerned about permissions, so checked this with a couple of blocks and the dashboard shows empty if I don't have the other necessary permissions for each block. E.g. don't see a content view if I don't have the required permissions for the view, etc.
    The theme used is the front-end one if I don't have the permissions to access the admin theme.

  • 🇺🇸United States phenaproxima Massachusetts

    Looks like tests were written here.

  • Pipeline finished with Skipped
    4 months ago
    #376616
  • 🇪🇸Spain penyaskito Seville 💃, Spain 🇪🇸, UTC+2 🇪🇺
  • Automatically closed - issue fixed for 2 weeks with no activity.
