Administer blocks permission required to select or upload new Media with media library when using Layout Builder

Created on 14 January 2020, almost 5 years ago
Updated 17 July 2023, over 1 year ago

Media Library + Layout Builder issue.

To select or upload media from the media library, a user requires the administer blocks permission.

When using media library widget from within the block content form of a layout builder inline block, where the block content has not yet been saved, when the user tries to click insert on the modal (select existing), or tries to use the uploader, media_library.module's MediaLibraryFieldWidgetOpener::checkAccess attempts to call createAccess which eventually gets to BlockContentAccessControlHandler::createAccess which checks for administer blocks.

In normal use of LB / Inline block user does not need this administer permission. Granting this permission is not granular enough to consider granting to lesser users.

Ultimately users should be able to select media from the library, or upload new media, without needing an administer permission. Layout builder provides a create and edit custom blocks for using inline blocks without requiring users to have administer.

πŸ› Bug report
Status

Closed: duplicate

Version

11.0 🔥

Component
Layout builder

Last updated 4 days ago

Created by

🇦🇺 Australia dpi Perth, Australia


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇦🇺 Australia larowlan 🇦🇺.au GMT+10

    ✨ Add more granular block content permissions (Fixed) would have resolved this. You just need the ability to edit the block content type the media is attached to now. This used to require administer blocks, but no longer does.

  • 🇦🇺 Australia larowlan 🇦🇺.au GMT+10
  • 🇦🇺 Australia acbramley

    While we can use the create * block content permissions to get around this, it's a bit strange because a role doesn't need any of these permissions to actually manage block content inside layout builder at all.

    This means we need to give roles create permissions for blocks they can create in layout builder, only for media library access. But then they'd have access to create them via block/add/foo as well? Leaning on the side of reopening this one.

  • Status changed to Active over 1 year ago
  • 🇦🇺 Australia acbramley

    Yeah, you also need "access block library" which again may not be desirable.

  • 🇺🇸 United States luke.leber Pennsylvania

    I agree with #31 here.

    Our particular use case is that we only want a higher echelon of users to be able to create / edit / delete reusable blocks (due to how far-reaching their usage might be), while allowing lower users to manage inline blocks.

    As it stands, even with contrib module helpers, users still seem to need create permission on the block type in order to use the media library for inline blocks. This comes with the nasty side-effect of allowing them to create reusable blocks as well.

  • 🇳🇿 New Zealand john pitcairn

    I also agree with #31.

    Content editors who should only interact with blocks via layout builder should not see the reusable blocks overview page or be able to create standalone reusable blocks from there.

  • 🇩🇪 Germany ammaletu Bonn, Germany

    We just stumbled upon a new variant of this bug (Drupal 10.1.7): Our users have the "administer blocks" permission, but not the new per content block permissions nor the "Access the Content blocks overview page" permission. Everything worked fine for them with Drupal 9. Since the update, they are not able to add media to a block anymore.

    The error message which is logged when clicking on the "Insert" button in the media modal (no error shown to the user):

    Path: [URL with many parameters]. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: The following permissions are required: 'create gallery_widget block content' AND 'access block library'. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /var/www/html/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    The change record for the new permissions sounded as if they were optional, as long as users have the "administer blocks" permission. Now it seems, this has changed so that you do need the new permissions for adding media items to a block!?

  • 🇺🇸 United States ian.ssu

    ian.ssu made their first commit to this issue's fork.

  • 🇺🇸 United States ian.ssu

    I spent an entire day with the debugger trying to find an elegant solution to this issue. My conclusion is that LayoutBuilder InlineBlock, by adding the Reusable property to BlockContentEntity, creates a separation of concerns problem. This approach couples BlockContent to LayoutBuilder in ways that other modules, like MediaLibrary, shouldn't have to worry about. I've started considering extending BlockContentEntity for InlineBlock as a potential path toward a solution.

    Unable to come up with a quick solution, I pivoted back to the workaround for Drupal 10.2.6
    https://git.drupalcode.org/issue/drupal-3106315/-/compare/11.x...3106315...

  • 🇦🇺 Australia fenstrat Australia

    The workaround in #37 works well. It can also be implemented in a custom module to the same effect.
    It's essentially a simplified version of the fixes others have used above.

    I'd agree that this is an unfortunate separation of concerns issue. So, as the 'create and edit custom blocks' permission seems to cover the cases where media is not used on a block, then re-using that permission where media is used seems like a valid workaround.

  • 🇺🇸 United States chrisgross

    I'm running into a similar problem on 10.3.2. However, the suggested solution does not work for me, though my use case is perhaps slightly different.

    I am using core's included Block Content Permissions, but I have chosen not to give any roles "Create new block content" permissions for my various custom block types and this is preventing media from being uploaded to fields on those blocks in Layout Builder. Granting those permissions does fix that and allow media to be added to the library within Layout Builder blocks, however, it also allows users to add new instances of these custom block types under '/block/add', which I do not want. I only want those users to be able to add those blocks in Layout Builder.

    The "Create new block content" permissions are not required in order to actually add these custom blocks in Layout Builder at all (which I believe is how it's supposed to work), but they are required in order to add media to fields within those blocks. So I believe this is a variation of this same problem, which is that Layout Builder is using faulty access checks when uploading media to custom blocks.

    I'm not sure why the solution in #37 does not work for me.
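
As an added example that is not from the issue fork or Drupal core: a custom-module hook that reuses the 'create and edit custom blocks' permission discussed above, but only on the media library routes, so that /block/add stays governed by the normal block content permissions. The module name lb_media_access and the route list are assumptions.

```php
<?php

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;

/**
 * Implements hook_ENTITY_TYPE_create_access() for block_content.
 *
 * Added example for a hypothetical module "lb_media_access"; not the patch
 * from the issue fork.
 */
function lb_media_access_block_content_create_access(AccountInterface $account, array $context, $entity_bundle) {
  // Assumption: these are the routes on which the media library runs
  // MediaLibraryFieldWidgetOpener::checkAccess(). The route name is resolved
  // by the router, so it cannot be forged through query parameters.
  $media_library_routes = [
    'media_library.ui',
    'view.media_library.widget',
    'view.media_library.widget_table',
  ];
  $route_name = \Drupal::routeMatch()->getRouteName();

  // Anywhere else (for example /block/add/{type}) stay neutral, so
  // BlockContentAccessControlHandler::createAccess() decides as before and
  // no standalone reusable-block creation is opened up.
  if (!in_array($route_name, $media_library_routes, TRUE)) {
    return AccessResult::neutral()->addCacheContexts(['route.name']);
  }

  // Inside the media library, accept the permission the thread says already
  // covers inline blocks. allowedIfHasPermission() returns neutral, not
  // forbidden, when the permission is missing.
  return AccessResult::allowedIfHasPermission($account, 'create and edit custom blocks')
    ->addCacheContexts(['route.name']);
}
```

On the listed routes this grants create access for every block content type; compare `$entity_bundle` against an allow-list if only some types should qualify.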
