spqr/assets and spqr/redirect admin menu permission problem

  • Hi guys,

    I'm working on Pagekit to create a blog admin role, but some extensions show their icon in the admin menu even when the role has no permission for it.

    I think it could be useful to hide things that a role cannot use, by adding an 'access' parameter to the menu definition.


    I found this problem in spqr/assets and spqr/redirect.


    I solved it by adding a row in the main index.php file of each extension:



    /pagekit/packages/spqr/assets/index.php

        ...
        'menu' => [
            'assets' => [
                'label' => 'Assets',
                'url' => '@assets/asset',
                'active' => '@assets/asset*',
                'icon' => 'spqr/assets:icon.svg',
                'access' => 'assets: manage assets || assets: manage settings' /* Add this row */
            ],
        ...


    /pagekit/packages/spqr/redirect/index.php

        ...
        'menu' => [
            'redirect' => [
                'label' => 'Redirect',
                'url' => '@redirect/target',
                'active' => '@redirect/target*',
                'icon' => 'spqr/redirect:icon.svg',
                'access' => 'redirect: manage targets || redirect: manage statistics || redirect: manage settings' /* Add this */
            ],
        ...


    For the second extension, spqr/redirect, I found another problem:

    I saw that the icon in the admin menu points at "admin/redirect/target", so if a user doesn't have the permission 'redirect: manage target' but only one of the other two, he can view the menu item correctly, but on clicking it he receives a permission error.


    The same problem is also in the main module pagekit/app/system/modules/site:

    the admin menu item is a link to admin/site/page, and if a user (as one of mine :) ) has only the permission 'system: manage storage', he can view the icon "site", but on clicking it he receives a permission error.


    Thanks to everybody for the patience and for my bad English.

    Have a nice day.
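
A consistency check for the two problems described in the post (menu entries with no 'access' key, and entries visible to roles that the linked page then rejects), as an added example that is not part of the original post and is not Pagekit or spqr code. The function names and the `$routeAccess` map are hypothetical, the permission assigned to the route is constructed, and only `||`-joined expressions like the ones in the post are handled:

```php
<?php
// Added example, not Pagekit or spqr code. Handles '||'-joined expressions only.

/** Split an access expression such as 'a: x || a: y' into permission names. */
function accessAlternatives(string $expr): array
{
    return array_values(array_filter(array_map('trim', explode('||', $expr)), 'strlen'));
}

/**
 * For each menu item, list the permissions that make the item visible
 * but do not satisfy the access expression of the route it links to.
 * A route missing from $routeAccess is treated as granting nothing.
 */
function findDeadLinks(array $menu, array $routeAccess): array
{
    $findings = [];
    foreach ($menu as $id => $item) {
        if (!isset($item['access'])) {
            $findings[$id] = ['*']; // no 'access' key: per the post, shown to every role
            continue;
        }
        $visibleTo = accessAlternatives($item['access']);
        $allowed   = accessAlternatives($routeAccess[$item['url']] ?? '');
        $denied    = array_values(array_diff($visibleTo, $allowed));
        if ($denied) {
            $findings[$id] = $denied;
        }
    }
    return $findings;
}

// Menu definition as proposed in the post.
$menu = [
    'redirect' => [
        'label'  => 'Redirect',
        'url'    => '@redirect/target',
        'access' => 'redirect: manage targets || redirect: manage statistics || redirect: manage settings',
    ],
];

// Constructed: the permission assumed to be enforced behind the linked route.
$routeAccess = ['@redirect/target' => 'redirect: manage targets'];

foreach (findDeadLinks($menu, $routeAccess) as $id => $perms) {
    echo "$id: visible but denied for [" . implode(', ', $perms) . "]\n";
}
```

Each reported permission is one where the fix is either to narrow the menu's 'access' expression or to point the menu 'url' at a page that permission can open.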