Contrib.social

Fix users having access to the layout builder on entities regardless of whether the layout is enabled

Open on Drupal.org →
Created on 1 September 2024, 19 days ago
Updated 3 September 2024, 17 days ago

Problem/Motivation

Users can access the layout builder on entities regardless of whether layout functionality is enabled or Allow each content item to have its layout customize option is enabled.

Steps to reproduce

  • Navigate to the entity type manage display that supports the layout builder, such as the user entity.
  • Ensure that the layout builder option is disabled.
  • Proceed to the user edit page.
  • You will observe that the local tasks provide a link to access the layout builder.
  • If you click on this link, you will be redirected to the layout builder page for that content without encountering a 403 Access Denied error.

Proposed resolution

Access should depend on the default being enabled and Access also depends on the default layout being overridable.

    $result = $result->andIf($this->getDefaultSectionStorage()->access($operation, $account, TRUE));
    $result = $result->andIf(AccessResult::allowedIf($this->getDefaultSectionStorage()->isOverridable())->addCacheableDependency($this->getDefaultSectionStorage()));
    $result = $this->handleTranslationAccess($result, $operation, $account);

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

RTBC

Version

2.1

Component

Code

Created by

🇯🇴Jordan Ahmad Khader

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024