Permissions not checked for "Si Prepublish" and "Si Recheck" task links

Created on 16 January 2025, about 2 months ago

Problem/Motivation

The local task buttons for "Si Prepublish" and "Si Recheck" are always present on Node pages, regardless of permissions.

Steps to reproduce

Upgrade to 3.0.1.
Go to any Node page while logged out (assuming Anonymous does not have the "Use Siteimprove Prepublish Check" permission).
Observe local task buttons for "Si Prepublish" and "Si Recheck" are present

Proposed resolution

Looking in `siteimprove.links.task.yml` there is an access_callback to `siteimprove.access_checker:checkAccess`.

`yaml-schema: Drupal Links Task` indicates `property access_callback is not allowed`
In the services file `siteimprove.access_checker` points to `Drupal\siteimprove\Access\SiteimproveAccessChecker` which does not exist.

In short, fix the access check.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

3.0

Component

Code

Created by

🇺🇸United States wsantell

Live updates comments and jobs are added and updated live.

Merge Requests

!29Permissions not checked for "Si Prepublish" and "Si Recheck" task links
Open
🇺🇸United States smustgrave
updated about 1 month ago

Comments & Activities

Issue created by @wsantell
Comment about 2 months ago →
🇩🇰Denmark beltofte Copenhagen 🇩🇰
First commit to issue fork.
Merge request !29Resolve #3500303 "Links appearing" → (Open) created by smustgrave
Comment about 1 month ago →
🇺🇸United States smustgrave
Believe the problem was the base route and route name were switched. See if this works.
Comment 25 days ago →
🇱🇻Latvia arturs.v
Tested and working on version 3.0.2. Thanks!
Comment 13 days ago →
🇨🇦Canada fozboz
I don't see this fix in the 3.0.2 version.
Comment 10 days ago →
🇧🇷Brazil aluzzardi Pelotas, RS
I tested on 3.0.2 and not worked too.
Comment 10 days ago →
🇧🇷Brazil aluzzardi Pelotas, RS
Adding the patch file:

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024