Possible access bypass for rendered links

Created on 23 October 2015, almost 9 years ago
Updated 27 April 2024, 4 months ago

I wanted to remove the input format tips link from the TextFormat form element and so I have disabled access to the filter.tips and filter.tips_all routes via event subscriber by setting the requirements to ['_access' => 'FALSE'].

This works just fine: when I visit /filter/tips I get a proper 404. But the issue is that the link itself is still visible. I was checking if the access method on the Url object works, and it does, so the bug is somewhere else. And I found out that in the LinkGenerator::generate() method there is no access check for routed Urls.

By catch's recommendation I am attaching this simple patch that fixes this bug (i.e. the link has disappeared) to see what the test bot will have to say.

πŸ› Bug report
Status

Postponed: needs info

Version

11.0 🔥

Component
Routing →

Last updated 8 days ago

Created by
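The setup described in the report, together with a caller-side guard, as an added example that is not part of the original issue or of Drupal core. The module name `mymodule`, the class `TipsRouteSubscriber` and the helper `buildLinkIfAccessible()` are hypothetical. Because the report states that `LinkGenerator::generate()` performs no access check for routed Urls, the helper checks `Url::access()` itself before building the link.

```php
<?php

namespace Drupal\mymodule\Routing;

use Drupal\Core\Link;
use Drupal\Core\Routing\RouteSubscriberBase;
use Drupal\Core\Url;
use Symfony\Component\Routing\RouteCollection;

/**
 * Denies access to the filter tips routes (hypothetical module "mymodule").
 *
 * Register the class in mymodule.services.yml with the "event_subscriber" tag.
 */
class TipsRouteSubscriber extends RouteSubscriberBase {

  /**
   * {@inheritdoc}
   */
  protected function alterRoutes(RouteCollection $collection) {
    foreach (['filter.tips', 'filter.tips_all'] as $route_name) {
      if ($route = $collection->get($route_name)) {
        // setRequirements() replaces the existing requirements, so no other
        // access check on the route can still grant access.
        $route->setRequirements(['_access' => 'FALSE']);
      }
    }
  }

  /**
   * Builds a link render array only if the current user may visit the route.
   *
   * Hypothetical helper: route-level denial blocks the page, but code that
   * renders a link to the route has to check access separately.
   */
  public static function buildLinkIfAccessible(string $text, string $route_name, array $parameters = []): array {
    $url = Url::fromRoute($route_name, $parameters);
    if (!$url->access()) {
      // Denied for the current user: render nothing instead of a dead link.
      return [];
    }
    return Link::fromTextAndUrl($text, $url)->toRenderable();
  }

}
```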


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇳🇿 quietone New Zealand

    There has been no discussion here for 8 years, perhaps this is no longer a problem?

    Is this still a problem in Drupal 10 or later?

    Since we need more information to move forward with this issue, I am keeping the status at Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!
