Block library view links to the edit page for each content block even when the user does not have edit access

Created on 19 June 2024, 6 months ago

Problem/Motivation

Steps to reproduce

  1. Install Standard with HEAD.
  2. At /admin/content/block, click "Add content block".
  3. Create a test block.
  4. On admin/structure/block, click the "Place block" button in the Header region, and place an instance of the test block from step 3.
  5. At /admin/people/create, create a test user that only has the "authenticated user" role.
  6. At /admin/people/permissions/authenticated, grant authenticated users only the "Access the Content blocks overview page" permission.
  7. Log in as the test user.
  8. Go to /admin/content/block.
  9. Click on "Test block 1".
  10. Observe the "Access denied" message, despite the content block being published? In fact, there doesn't even seem to be publishing status for the block.
  11. Uninstall Views UI and Views.
  12. Switch back to the test user.
  13. Go back to /admin/content/block.
  14. Observe that there is no link to the non-editable block, and therefore no unexpected 403.

Proposed resolution

Make the view render the link only if the user has edit access.

Remaining tasks

TBD

User interface changes

On admin/content/block with Views enabled, block titles no longer link to the content block edit form unless the user has edit access.

API changes

TBD

Data model changes

TBD

Release notes snippet

N/A

πŸ› Bug report
Status

Postponed

Version

11.0 πŸ”₯

Component
Block contentΒ  β†’

Last updated 20 days ago

Created by

πŸ‡ΊπŸ‡ΈUnited States xjm

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024