-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access to admin menu entries if not member of the sys admin group #5015
Comments
This bug is related only for cases where menu entries are initialized by deprecated method |
Thanks @yurabakhtin. I confirm this resolves the problem. |
@yurabakhtin a problem is remaining: if the permission "Can manage custom pages" is set to "Allow" and all others permissions are set to default (e.g. "Manage users" is set to "Deny"), the menu entry "Administration" is shown in the account menu (this is normal), but when you clic on the menu entry, you arrive to |
@funkycram Yes, the problem is still remaining. @luke- The url
The custom pages menu link can be displayed when user has permission So if we need to fix this issue I think we should remove the permission rule completely from the admin index controller because this controller has only single action where we also check first allowed menu entry, i.e. if user has no access to any admin menu event from external module the |
It should have the sames conditions as the
|
@yurabakhtin Yes, good point. i have already removed the permissions and committed it. |
I confirm it does work fine. Thanks! |
$entry->isVisible = true;
What steps will reproduce the problem?
I will take the example of the Custom pages module, but the problem is the same for other modules.
A user that is not member of the system admin group, but is member of a group for which the permissions "Can manage custom pages" is set to "Allow":
What is the expected result?
This user should see the "Custom pages" menu entry in the admin menu:
What do you get instead?
The page is accessible:
/custom_pages/page
(this is normal).But the menu entry is not show.
Additional info
The cause is somewhere here: https://github.com/humhub/humhub/blob/master/protected/humhub/modules/admin/widgets/AdminMenu.php#L165
This user cannot manage modules and the entry is not set to visible, as it is not possible to make if visible because of this method:
humhub/protected/humhub/modules/ui/menu/MenuLink.php
Line 191 in 42ff9f8
The text was updated successfully, but these errors were encountered: