Problem/Motivation
Currently the site information Basic Site Settings Front page validates the user has access to the route and prevents saving if this is the case.
Additionally if the user has administrative permission (i.e. user 1) and you try and add a route that you don't have permission to - user/login for example the for saves successfully but wipes the value leaving it black.
1) The form should not wipe values when the routing validation fails when submitted from an admin user.
2) The form validation as to whether the route is a valid route should be separate from whether the user submitting the form has permission over the route.
On submission we should validate that the path is a valid path.
Steps to reproduce
1) As user/1 submit the admin/config/system/site-information form with a valid route
2) As user/1 attempt to submit the admin/config/system/site-information form with /user/login as the homepage.
Proposed resolution
Prevent setting the following paths:
- admin/*
- /user/*/cancel
- /node/*/delete
- other additional routes?
Validate that the route exists - but not necessary that the current user has permission.
Remaining tasks
Confirm which routes we want to prevent setting
Change the validation such that it is not user dependent.
Consider how to handle the case when the existing saved value no longer validates on form submission.
Note:
The above is a problem, because in
#2288911: Use route name instead of system path in user maintenance mode subscriber →
, we have made the /user/login path accessible only to anonymous users, so if someone wants to use that for the default front page, then it will prevent the form from being used by any authenticated user.