Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission settings do not control access to "Preferences" page #11451

Open
sparmin opened this issue Feb 13, 2025 · 1 comment
Open

Permission settings do not control access to "Preferences" page #11451

sparmin opened this issue Feb 13, 2025 · 1 comment
Labels
permissions

Comments

@sparmin
Copy link

sparmin commented Feb 13, 2025

Bug description

CP users should be restricted to access the Preferences page. They should have access to the CP itself of course, but not being able to edit preference settings like CP Nav. I have the permission disabled for the user role, but the preferences still show up in the navigation. The user in this example only has one role with the permissions shown below.

Image
Image

How to reproduce

Create a user. Give them a user role without permission to access the Preferences page. Imitate the user.

Logs



Environment


Environment
Application Name: Firalux
Laravel Version: 11.42.1
PHP Version: 8.3.13
Composer Version: 2.8.4
Environment: local
Debug Mode: ENABLED
URL: firalux.ohodesign.ch
Maintenance Mode: OFF
Timezone: Europe/Zurich
Locale: de_CH

Cache
Config: NOT CACHED
Events: CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: log
Cache: file
Database: sqlite
Logs: stack / single
Mail: log
Queue: sync
Session: file

Sentry
Enabled: MISSING DSN
Environment: local
Laravel SDK Version: 4.12.0
PHP SDK Version: 4.10.0
Release: NOT SET
Sample Rate Errors: 100%
Sample Rate Performance Monitoring: NOT SET
Sample Rate Profiling: NOT SET
Send Default PII: DISABLED

Statamic
Addons: 5
Sites: 4 (Firalux - DE, Firalux - EN, Firalux - FR, Firalux - IT)
Stache Watcher: Enabled (auto)
Static Caching: Disabled
Version: 5.46.1 PRO

Statamic Addons
aryehraber/statamic-logbook: 3.3.0
mitydigital/statamic-two-factor: 2.4.1
statamic/eloquent-driver: 4.19.1
statamic/seo-pro: 6.5.0
webographen/statamic-admin-log: 1.1.0

Statamic Eloquent Driver
Asset Containers: file
Assets: file
Blueprints: file
Collection Trees: file
Collections: file
Entries: file
Forms: file
Global Sets: file
Global Variables: file
Navigation Trees: file
Navigations: file
Revisions: file
Sites: file
Taxonomies: file
Terms: file
Tokens: file


Installation


Fresh statamic/statamic site via CLI


Additional details


No response

      		
    

      
  





        



            

              
            

        

      


      
    








      

    



      

  
            







      

  
      



  

  @duncanmcclean





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
  Member


      

  


  

    

  





      


        


  
    

      
          
As a workaround for now, you could customize the default CP nav for users and remove the "Preferences" nav item.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    
















  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    permissions









      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          
  

    

      

        
          

            
    

    Development
  




              
    
No branches or pull requests







        
      

    

  


      

    

  
      

  

    

      2 participants
    

    

        
          @duncanmcclean 
        
          @sparmin