- Issue created by @Liam Morland
- 🇮🇳India sijumpk
There is a page available to add block to any theme, at admin/structure/block/add/page_title_block. Because of that _access_theme: 'TRUE' requirements is avoided from block.admin_add route. Even if we reach the page like you said (admin/structure/block/add/page_title_block/non_existance_theme), we won't be able to create any block as there wont be any options available in the required "Region" field.
- Status changed to Needs work
about 1 year ago 11:31am 14 December 2023 - 🇵🇭Philippines abhaypai
Thanks @LiamMorland to report the issue.
Few updates from end so far:
- I was able to replicate the issue according to the description
- Did comparison between
block.admin_librarywhich defines pathadmin/structure/block/library/non_existance_themeandblock.admin_addwhich defines pathadmin/structure/block/add/page_title_block/non_existance_themehave a delta of_access_themeinblock.routing.ymlfile - Did some initial debugging and after applying
_access_themeunderblock.admin_addissue is resolved
- Merge request !58093397753: Fix Configure block access to non existence themes → (Open) created by abhaypai
- Status changed to Needs review
about 1 year ago 5:50am 15 December 2023 - 🇵🇭Philippines abhaypai
Keeping the status to "Needs work" since phpunit test is failing, adding "Needs Test" tag and updating the version to "11.x-dev" since i also replicated the same in that version
- Status changed to Needs work
about 1 year ago 5:50am 15 December 2023 - 🇵🇭Philippines abhaypai
Keeping the status to "Needs work" since phpunit test is failing
- 🇮🇳India sijumpk
@abhaypai, your patch will cause an "Access denied" to
/admin/structure/block/add/page_title_block. In order to avoid that_access_theme: 'TRUE'is avoided fromblock.admin_add route. We need to add a block even if there is no theme present in the url - 🇵🇭Philippines abhaypai
Thanks for looking into my suggestion and updating your comments on #2, although i have few points to share:
- From where did you find the source of this following statement, Any reference link issue is gonna be helpful here to proceed with solution
In order to avoid that _access_theme: 'TRUE' is avoided from block.admin_add route.
- Can you please share replicating steps to land on this url
/admin/structure/block/add/page_title_blockfrom user interface ? I aware of landing on this url directly from url path is possible and forms field shows default theme inputs. - Also i cannot see any code use case of this said
/admin/structure/block/add/{placeholder}path orblock.admin_addroute source in the system without being usage of theme name to any pluginid
Looking for suggestions here from other community members; what can be solution of this bug ? Ideally from my POV form should not be visible if there is no theme available or installed in the system.
- From where did you find the source of this following statement, Any reference link issue is gonna be helpful here to proceed with solution
- 🇨🇦Canada Liam Morland Ontario, CA 🇨🇦
I ran into this in functional testing with a test that directly requests the page. I don't know of any place where a link to the invalid page exists. It would have been easier to debug that the test was missing the theme if that invalid page had returned a 403 or 404 status.