Fixed permission check for configuration save [#2130]

CHANGELOG.md

@@ -15,6 +15,7 @@
     * Fixed audit vulnerabilities in module dependencies and house cleanup [#2096](https://github.com/getgrav/grav-plugin-admin/issues/2096)
     * Fixed issue preventing Drag & Drop of media files while in Expert Mode [#1927](https://github.com/getgrav/grav-plugin-admin/issues/1927)
     * Fixed broken link colors in `preset.css` which was causing issues with tabs and dropdowns
+    * Fixed permission check for configuration save [#2130](https://github.com/getgrav/grav-plugin-admin/issues/2130)
 
 # v1.10.12
 ## 04/15/2021

classes/plugin/AdminBaseController.php

@@ -528,14 +528,9 @@ class AdminBaseController
         $permissions = ['admin.super'];
 
         switch ($type) {
-            case 'configuration':
             case 'config':
-            case 'system':
+                $type = $this->route ?: 'system';
-                $permissions[] = 'admin.configuration.system';
+                $permissions[] = 'admin.configuration.' . $type;
-                break;
-            case 'settings':
-            case 'site':
-                $permissions[] = 'admin.configuration.site';
                 break;
             case 'plugins':
                 $permissions[] = 'admin.plugins';

themes/grav/templates/config.html.twig

@@ -1,9 +1,10 @@
 {% extends 'partials/base.html.twig' %}
 
 {% set configurations = admin.configurations(true) %}
-{% set config_slug = uri.basename %}
+{% set config_slug = admin.route %}
-{% if config_slug == 'config' %}
+{% if not config_slug %}
     {% set config_slug = configurations|first %}
+    {% do admin.redirect('config/' ~ config_slug, 302) %}
 {% endif %}
 {% set isInfo = (config_slug == 'info') %}