I'm working on Pagekit to create a blog admin role, but some extension shows in the admin menu the extension icon, also when role doesn't have no permission for it.
I think it could be useful hide things that role cannot use, adding an 'access' parameter in the definition of menu.
I found this problem in sqpr/assets and spqr/redirect.
Solved it adding a row in main index.php file of each extensios:
For the second extension spqr/redirect I found another problem:
I saw the icon on the admin menu points at "admin/redirect/target" so if a user doesen't have the permission 'redirect: manage target' but only one of the other two, he can view corretly the menu item, but clicking it, he receive a permission error.
Same problem is also in the main module pagekit/app/system/modules/site
the admin menu item is a link to admin/site/page and if a user (as one of mine ) has the only permission 'system: manage storage' he can view the icon "site", but cliccking on it he receive a permission error.
Thanks to everybody for the patience and for my bad english.
Have a nice day.