The "add link" operation in the Menu List should check Menu Link Content create access.

Created on 4 October 2023, over 1 year ago

Problem/Motivation

This isn't an issue if only core is in use, but if contrib/custom change these permissions (which does happen!), this can result in operations linking to unavailable forms.

Currently MenuListBuilder provides the "Add Link" operation if the menu edit operation is present.

 if (isset($operations['edit'])) {
      $operations['edit']['title'] = t('Edit menu');
      $operations['add'] = [
        'title' => t('Add link'),
        'weight' => 20,
        'url' => $entity->toUrl('add-link-form'),
        'query' => [
          'destination' => $entity->toUrl('edit-form')->toString(),
        ],
      ];
    }

However, these are two distinct entity types that could have their own access restrictions.
Instead of isset($operations['edit']), it would be more accurate to check ->createAccess() on the access control handler for menu link content.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

📌 Task

Status

Active

Version

11.0 🔥

Component

Menu system →

Last updated 2 days ago

Maintained by
🇩🇪Germany @dawehner
🇺🇸United States @pwolanin

Created by

🇺🇸United States bnjmnm Ann Arbor, MI

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @bnjmnm

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024