- Issue created by @Ahmad Khader
- 🇯🇴Jordan Rajab Natshah Jordan
Thanks, Ahmad, for reporting.
Look for which Layout Builder integration module is allowing that. maybe the permission one.
Or our custom "Layout" action item.Report that in the module, then let us the patch for the fix.
Maybe that could be reported as a security issue, not as normal issue.
Even this issue could be changed as a security issue ( try to contact the security team )Next time: When you create any access or security issue, you select the option to type as security issue.
- 🇯🇴Jordan Ahmad Khader
Thanks, Rajab for your feedback on this issue.
I don't think this is a vulnerability issue as normal users who don't have access to the layout builder manage or edit won't have access.
The problem is that the layout builder is enabled without actually being enabled. - Status changed to Needs work
2 months ago 11:32am 1 September 2024 - 🇯🇴Jordan Rajab Natshah Jordan
Got that.
Let us adduser has permissionwrapper condition
https://git.drupalcode.org/project/varbase_layout_builder/-/blob/10.1.x/...- Quick fix.
- then Quick release
- 🇯🇴Jordan Rajab Natshah Jordan
Check with Layout Builder Operation Link → .
Maybe the module has better logic. or more access restrictions.
They did not add the following in Drupal core yet
✨ Add 'Layout' Operation Link to entities Needs work - 🇯🇴Jordan Rajab Natshah Jordan
Noted;
The permission one. 🐛 Fix Layout Builder Access operation Without Enabled Functionality Needs workLet us add your Patch to Varbase Patches
File and issue/ and Pull Requiest - Assigned to Rajab Natshah
- Status changed to Active
2 months ago 11:12am 2 September 2024 -
rajab natshah →
committed 84acf393 on 10.1.x
Issue #3470409: Fix Layout Builder Access operation Without Enabled...
-
rajab natshah →
committed 84acf393 on 10.1.x
- Issue was unassigned.
- Status changed to Needs review
2 months ago 12:23pm 2 September 2024 - Status changed to Fixed
2 months ago 4:47pm 2 September 2024 Automatically closed - issue fixed for 2 weeks with no activity.