Allowing authenticated users access to setup adds misleading message to config form

Created on 3 June 2025, 4 days ago

Problem/Motivation

A message "- Role does not have access to configure own tokens, verify permissions" is shown against all other roles if authenticated user is given 'setup own tfa' permission

Steps to reproduce

  1. Grant 'setup own tfa' to authenticated
  2. Go to /admin/config/people/tfa and check the 'Roles required to set up TFA' list

Proposed resolution

Update message

Remaining tasks

MR

User interface changes

Different message

API changes

N/A

Data model changes

N/A

πŸ› Bug report
Status

Active

Version

2.0

Component

User interface

Created by

πŸ‡¬πŸ‡§United Kingdom scott_euser

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @scott_euser
  • Merge request !143Inherit permissions message β†’ (Open) created by scott_euser
  • πŸ‡¬πŸ‡§United Kingdom scott_euser

    Before:

    After:

  • πŸ‡¬πŸ‡§United Kingdom scott_euser
  • Pipeline finished with Success
    3 days ago
    Total: 706s
    #513712
  • πŸ‡ΊπŸ‡ΈUnited States cmlara

    Overall looks good.

    There is one small oddity I encountered in a quick validation check.

    If one sets the permission for a role (such as content editor) and then sets the Authenticated user to have the permission the content editor role permission is still present so it will not display the inheritance warning, however at the same time a site owner can not remove the permission from the role as it is inherited.

    While the patch is actually technically more correct as currently written, should we consider performing the inheritance check first and then the hasPermission check for a more consistent UI?

    If we were to do that however I imagine the Administrator role would show as inheriting, is that a better or worse UX than what is currently in the patch?

    Leaving NR for additional feedback.

Production build 0.71.5 2024