Redirect on user login should check whether user has access to any dashboards

Created on 21 December 2024, 4 months ago

Problem/Motivation

This module redirects users to the dashboard on login, which is intentional. But it does not check whether the current user has access to any dashboards, and if they don't, they get a 403 on login. 🐛 Authenticated users get access denied Active

Steps to reproduce

  1. As an admin user, create a new user account, don't assign any roles.
  2. As the new user, log in.
  3. After login, you get redirected to the dashboard, but you don't have access to it, so access denied.

Proposed resolution

Most sites would not grant dashboard access to authenticated users. The redirect to dashboard should check whether the current user can access any dashboards, and if they can't, don't redirect them -- just let the site handle it.

Remaining tasks

TBC

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

🇦🇺Australia pameeela

Comments & Activities

  • Issue created by @pameeela
  • First commit to issue fork.
  • 🇪🇸Spain plopesc Valladolid

    Hello,

    Checked the logic in the dashboard module to double-check that the scenario described is covered, and found out that users with no access to the dashboard are not being affected by dashboard redirects and they follow the default Drupal flow.

    Tested manually in a vanilla Drupal site with standard profile and only dashboard enabled following these steps:

    • Run ddev drush si standard -y && ddev drush en navigation dashboard -y
    • Run ddev drush user:create foo --password='foo'
    • Login as user 1 and create a dashboard from the UI, and ensure that it is enabled
    • Logout
    • Login as foo user and confirm that no 403 error is thrown. User is redirected to their user profile page instead

    Thanks to this issue, found out that we did not have a specific test for the described scenario and added it to the new MR.

  • 🇪🇸Spain plopesc Valladolid

    This one is related to 🐛 Authenticated users get access denied Active. I think we can mark this as a duplicate and continue the global discussion there.

    Thank you for reporting!
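
The check requested in the proposed resolution (only redirect on login when the account can actually reach the target) can be sketched as below. This is an added example, not the Dashboard module's own code. Assumptions: the module name example_redirect is hypothetical, 'dashboard' is assumed to be the route name of the dashboard landing page, and that route's access check is assumed to reflect whether the account can view any dashboard.

```php
<?php

/**
 * @file
 * Added example: access-checked login redirect.
 *
 * "example_redirect" is a hypothetical module name used for illustration.
 */

use Drupal\Core\Url;
use Drupal\user\UserInterface;

/**
 * Implements hook_user_login().
 */
function example_redirect_user_login(UserInterface $account): void {
  $request = \Drupal::request();

  // Leave an explicit ?destination= alone, and never interfere with the
  // one-time password reset login, which must land on the user edit form.
  if ($request->query->has('destination')
    || \Drupal::routeMatch()->getRouteName() === 'user.reset.login') {
    return;
  }

  // ASSUMPTION: 'dashboard' is the route name of the dashboard landing page.
  $url = Url::fromRoute('dashboard');

  // Url::access() runs the route's access checks for the account that just
  // logged in. If the account is denied, do nothing and let Drupal fall back
  // to its default post-login page instead of sending the user to a 403.
  if (!$url->access($account)) {
    return;
  }

  // Only accounts that passed the access check get the redirect.
  $request->query->set('destination', $url->toString());
}
```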
