Check access for "Back to Administration" toolbar link

Created on 16 January 2025, 3 months ago

Problem/Motivation

This is a follow-up for Make "Back to Administration" toolbar link configurable. The default "Back to Administration" link goes to the content overview page. If the current user doesn't have the permission to view the content overview page, the user gets a 403 Access forbidden error message.

In my current project most users cannot create "global" content but only content inside a group. Therefore it doesn't make sense to give them access to the content overview.

Steps to reproduce

  1. Enable Gin Toolbar
  2. Enable "Show Secondary Toolbar in Frontend"
  3. Create a role with some admin permissions like "administer views" but without the "access content overview" permission.
    • Assign this role to a user as the only role.
    • Log in as that user.
  4. Go to a route with no associated entity such as a view page or a custom route
  5. See the "Back to Administration" link in the secondary toolbar

Proposed resolution

For the default "Back to Administration" link, check the permissions of the current user and use the following fallback cascade to generate the URL:

  • If user has "access content overview" permission --> "system.admin_content" route.
  • Else if user has "access administration pages" permission --> "system.admin" route.
  • Else --> "user.page" route.
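As an added example, not code from the Gin theme or from the MR, here is how the cascade above could be implemented as a Drupal helper. The route names and permissions are Drupal core's; the function names are hypothetical, and the second variant goes beyond the issue's permission checks by asking the route access system directly.

```php
<?php
// Added example (not the Gin theme's own code): builds the "Back to
// Administration" URL with the fallback cascade from the proposed resolution.
// Function names are assumptions; routes and permissions are Drupal core's.

use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;

/**
 * Returns the "Back to Administration" URL for the given account.
 *
 * Mirrors the proposed resolution: content overview, then the admin landing
 * page, then the user's own page, which every authenticated user can reach.
 */
function example_back_to_admin_url(AccountInterface $account): Url {
  if ($account->hasPermission('access content overview')) {
    return Url::fromRoute('system.admin_content');
  }
  if ($account->hasPermission('access administration pages')) {
    return Url::fromRoute('system.admin');
  }
  return Url::fromRoute('user.page');
}

/**
 * Variant: pick the first candidate route the account can actually access.
 *
 * Url::access() evaluates the route's full access requirements (permissions
 * and any custom access checks), so the link cannot point at a 403 even if a
 * contrib module later changes what these routes require.
 */
function example_back_to_admin_url_by_route_access(AccountInterface $account): Url {
  foreach (['system.admin_content', 'system.admin'] as $route_name) {
    $url = Url::fromRoute($route_name);
    if ($url->access($account)) {
      return $url;
    }
  }
  // user.page only requires a logged-in user, so it is a safe final fallback.
  return Url::fromRoute('user.page');
}
```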
🐛 Bug report
Status

Active

Version

2.0

Component

User interface

Created by

🇦🇹Austria mvonfrie


Comments & Activities

  • Issue created by @mvonfrie
  • Pipeline finished with Failed
    3 months ago
    Total: 122s
    #398954
  • Status changed to RTBC 10 days ago
  • 🇮🇳India Tirupati_Singh

    Hi, I've applied the provided MR as a patch, and it applied cleanly without any errors. After applying the patch, when the logged-in user does not have the "Access the Content overview page" permission, clicking Back to Administration opens the /admin page, and when the user has the permission, the /admin/content page opens.

    Previously, clicking Back to Administration opened a 403 (Access Denied) when the user did not have the "Access the Content overview page" permission, and opened the /admin/content page when access was provided.

    As the provided MR fixes the issue as per the proposed resolution and the changes are working fine, I am moving the issue status to RTBC. Attaching the screenshot and video clips for reference.

    Thanks!
