search

CuBoulder / express_mono

Monolithic Express Profile - contains all bundles
GNU General Public License v2.0
1 stars 2 forks source link

Page "admin/structure/block/add-menu-block" is exposed to Site Owners #810

Closed cathysnider closed 3 years ago

cathysnider commented 3 years ago

Site owners can get to a page that they shouldn't. And of course, some of them do.

They click the little widget on a menu block >> Choose Configure Block >> Click the link 'menu block's detailed help' >> Click "Add menu block" . And there it is.

It's a very confusing page for them which they should not be able to get to.

It's because perms are set so that anyone who has 'Administer Blocks' + 'Administer Menus' (which our site owners do) gets the 'Add Block Menu' perms baked in. See https://github.com/CuBoulder/express_mono/blob/dev/modules/contrib/menu_block/menu_block.module#L84

jwfuller commented 3 years ago

Is an issue, effort level to fix is too high.