Problem/Motivation
In this issue we forgot to add a check if a user has access to the overview page.
In general it is a bad (security & ux) practice to show links to items a user doesn't have access to.
Steps to reproduce
- create a taxonomy
- create a user with permission to create/edit terms in this taxonomy
- link to the creation form
- click on the "Save and go to list" button
- a 403 access denied is shown
Proposed resolution
Hide the "Save and go to list" link when a user doesn't have access.
Remaining tasks
Add a check to see if the user has the "Access the taxonomy vocabulary overview page" permission.
User interface changes
In some cases the "Save and go to list" link will be hidden.
API changes
-
Data model changes
-