Open findlabnet opened 6 years ago
Just in case the PR created for https://github.com/backdrop/backdrop-issues/issues/2353 makes it, the permission thing would become a one-liner in dblog_menu(), for instance:
'access arguments' => array('clear site reports'),
We are working on this issue during office hours tonight.
The basic goal of this issue (as I understand it) is to add a permission here that says:
clear site logs
Users without this permission will not be able to access this option:
NOTE: The position of this "clear logs" button has recently changed, since the last minor release. You must be working on the latest version of the 1.x branch to see this.
To find the place where this button is generated, I just searched for the string "This action will permanently delete the log messages" and found it at:
/core/modules/dblog/dblog.admin.inc line 421
So, we just need to create a new permission and require that permission before creating this button.
I suggest you do this permission check when the form is built in line 90 of that file. If the user/person doesn't have permission, don't build the form.
I created a pull request that allows anyone with clear logs permission to clear the logs.
Good work @zubaer56
I tested this PR and it seems to work. We created a test user with:
UN: Test User PW: test
This user has the role = editor and we have the editor the role to View site reports
and they are able to see the log report, but not see or use the clear logs button.
If we then give the editor permission to Clear logs
they are.
@findlabnet - What do you think?
It looks like some of the automated tests related to dblog functionality are failing. Probably those need to be modified as well to account for the changes.
Describe your issue or idea
Inappropriate user can accidentally use this button. On multi user site this can cause administration related problem.
Expected behavior
Only administrator level (or user with special role) can see and use this button.