Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User with 'access administration pages' permission can see JWT key config #1026

Open
kayakr opened this issue Feb 14, 2019 · 3 comments
Open

User with 'access administration pages' permission can see JWT key config #1026

kayakr opened this issue Feb 14, 2019 · 3 comments
Labels
Subject: Access Control related to managing roles and permissions/information security.
Milestone
1.x

Comments

@kayakr
Copy link
Contributor

kayakr commented Feb 14, 2019
edited
Loading

Some level of administrator access, e.g. Editor or Moderator roles, may need 'access administration pages' permission (e.g. to see default node and comment administration views, but such a role can also see/change JWT config unless the patch from https://www.drupal.org/project/jwt/issues/2890241#comment-12150674 is applied to add a specific permission for that path.
e.g. similar to

"extra": {
        "enable-patching": true,
        "patches": {
            "drupal/jwt": {
                "Add 'Administer JSON Web Token' permission": "https://www.drupal.org/files/issues/2890241-4-admin-permission.patch"
            }
        },
@dannylamb
Copy link
Contributor

Nice. I'll ask if they can slice a new release, and in the meantime, we can apply that patch or bump jwt to 8.x-dev in https://github.com/Islandora-CLAW/islandora/blob/8.x-1.x/composer.json#L22

@dannylamb
Copy link
Contributor

FYI @kayakr @jonathangreen https://www.drupal.org/project/jwt/issues/3024890#comment-12971964

@kayakr
Copy link
Contributor Author

kayakr commented Feb 14, 2019

@dannylamb Thanks.

@whikloj whikloj added this to the 1.x milestone Apr 11, 2019
@kstapelfeldt kstapelfeldt added Subject: Access Control related to managing roles and permissions/information security. and removed Access control labels Sep 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Subject: Access Control related to managing roles and permissions/information security.
Projects
Islandora Issues Queue
Status: Todo
Milestone
1.x
Development

No branches or pull requests
4 participants
@kayakr @kstapelfeldt @whikloj @dannylamb