Workspace switcher block does not check access

Created on 6 February 2024, 4 months ago
Updated 10 April 2024, 2 months ago

Problem/Motivation

If the "workspace switcher" block is added to layouts, all users have access to it.

It is possible to set block visibility per role, or implement hook_block_access to restrict access to users with e.g. the 'view any workspace' permission, but it seems like this access check should be part of the block itself.

Steps to reproduce

As a site admin, place the Workspace switcher block in the sidebar, then switch to a regular user account without any workspace permissions, and the block will be visible.

Note that users without any workspace permissions are not able to activate a workspace.

Proposed resolution

Make the Workspace switcher block check for one of these permissions by default: view own workspace, view any workspace, administer workspaces.

Remaining tasks

Review.

User interface changes

Nope.

API changes

Nope.

Data model changes

Nope.

Release notes snippet

Nope.

πŸ› Bug report
Status

Fixed

Version

10.3 ✨

Component
WorkspacesΒ  β†’

Last updated 6 days ago

No maintainer
Created by

πŸ‡¬πŸ‡§United Kingdom malcomio

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.69.0 2024