HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Articles is added to menu even when users don't have permission to view articles

rbrahmsonrbrahmson "You may say I'm a dreamer / But I'm not the only one"NY ✭✭✭

Some of our users (actually all except the admin until we finish evaluating the application) do not have the permission to view articles.Yet they see the "Articles" item added to their menu bar and when they click it they get a "page not found"...
Can this be fixed?
Thanks!

Tagged:

Comments

  • Looks like a permission argument isn't being passed in when the links are added to the menu in the code. This can easily be fixed and I'll be sure to include the fix in Articles v1.1.0, which I plan to release this week. :)

    Thanks for reporting this bug!

    Add Pages to Vanilla with the Basic Pages app

    rbrahmsonhgtonightBleistivt
  • rbrahmsonrbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭

    Thanks for your speedy feedback. I can do a quick code fix if you show me where. That way we could continue evaluating the application.

  • Here's quick fix for this issue until v1.1.0 is released:

    Open up the /articles/settings/class.hooks.php file and find a line near the top of the file that says:

    $Sender->Menu->AddLink('Articles', T('Articles'), '/articles');
    

    Next, replace it with this:

    $Sender->Menu->AddLink('Articles', T('Articles'), '/articles', 'Articles.Articles.View');
    

    The link should only show up for users that have the Articles.Articles.View permission now.

    Add Pages to Vanilla with the Basic Pages app

    hgtonightrbrahmsonR_J
  • rbrahmsonrbrahmson "You may say I'm a dreamer / But I'm not the only one" NY ✭✭✭
    edited July 2015

    Thanks! I can confirm that it works as intended.

    BTW, please note my other feedback on category permissions.

Sign In or Register to comment.