Fix Layout Builder Access operation Without Enabled Functionality

Thanks, Ahmad, for reporting.

Look for which Layout Builder integration module is allowing that. maybe the permission one.
Or our custom "Layout" action item.

Report that in the module, then let us the patch for the fix.
Maybe that could be reported as a security issue, not as normal issue.
Even this issue could be changed as a security issue ( try to contact the security team )

Next time: When you create any access or security issue, you select the option to type as security issue.

Thanks, Rajab for your feedback on this issue.
I don't think this is a vulnerability issue as normal users who don't have access to the layout builder manage or edit won't have access.
The problem is that the layout builder is enabled without actually being enabled.

Got that.
Let us add user has permission wrapper condition
https://git.drupalcode.org/project/varbase_layout_builder/-/blob/10.1.x/...

• Quick fix.
• then Quick release

Check with Layout Builder Operation Link → .
Maybe the module has better logic. or more access restrictions.
They did not add the following in Drupal core yet
✨ Add 'Layout' Operation Link to entities Needs work

Please check the related issue

Noted;
The permission one. 🐛 Fix Layout Builder Access operation Without Enabled Functionality Needs work

Let us add your Patch to Varbase Patches
File and issue/ and Pull Requiest

✅ Released varbase_layout_builder-10.1.3 →

Automatically closed - issue fixed for 2 weeks with no activity.