At present, if the user has the settings.enabled permisson, then the Settings link is enabled – quite rightly – but then clicking on that link offers settings for each module, even when the user does not have permissions to use any of the module's settings.
We can fix this:
- Each module should define an additional permission, settings.NAME.enabled, and the <Settings> component should display the module's permissions only if this is defined.
- Each settings.NAME.enabled permission should include settings.enabled as a sub-permission.
- Each permission for a specific part of the settings (e.g. settings.usergroups.all in the ui-users module) should include the relevant module-wide settings permission (in this case settings.users.enabled).
Then users will see only those settings areas that they have permission to use some part of.