HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Articles is added to menu even when users don't have permission to view articles
Some of our users (actually all except the admin until we finish evaluating the application) do not have the permission to view articles.Yet they see the "Articles" item added to their menu bar and when they click it they get a "page not found"...
Can this be fixed?
Thanks!
Tagged:
0
Comments
Looks like a permission argument isn't being passed in when the links are added to the menu in the code. This can easily be fixed and I'll be sure to include the fix in Articles v1.1.0, which I plan to release this week.
Thanks for reporting this bug!
Add Pages to Vanilla with the Basic Pages app
Thanks for your speedy feedback. I can do a quick code fix if you show me where. That way we could continue evaluating the application.
Here's quick fix for this issue until v1.1.0 is released:
Open up the
/articles/settings/class.hooks.phpfile and find a line near the top of the file that says:$Sender->Menu->AddLink('Articles', T('Articles'), '/articles');Next, replace it with this:
$Sender->Menu->AddLink('Articles', T('Articles'), '/articles', 'Articles.Articles.View');The link should only show up for users that have the
Articles.Articles.Viewpermission now.Add Pages to Vanilla with the Basic Pages app
Thanks! I can confirm that it works as intended.
BTW, please note my other feedback on category permissions.