Image style routes use _permission requirement instead of _entity_access

Created on 12 July 2023, 11 months ago
Updated 25 October 2023, 8 months ago

Problem/Motivation

Follow up from πŸ› Media Library image style shouldn't be able to be deleted through the UI. Fixed to apply the same fix to create and edit image style routes.

Steps to reproduce

Deny access to create or update operations for an image style through a hook_entity_access/hook_entity_create_access
Login as a user with administer image styles
Notice you are still able to update or create image styles.

Proposed resolution

Same as πŸ› Media Library image style shouldn't be able to be deleted through the UI. Fixed

In entity.image_style.edit_form
Check_entity_access: 'image_style.update' vs permission

πŸ› Bug report
Status

Needs work

Version

11.0 πŸ”₯

Component
Image moduleΒ  β†’

Last updated 7 days ago

Created by

πŸ‡¦πŸ‡ΊAustralia acbramley

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.69.0 2024