- Issue created by @andriy khomych
- Merge request !7fix(DataProducer/Menu/MenuLinks): Adds access check to menu links. β (Merged) created by andriy khomych
- π¦πΉAustria klausi π¦πΉ Vienna
Started with some unfinished test coverage, not done yet.
- π¦πΉAustria klausi π¦πΉ Vienna
@andriy khomych I added cache context and 2 test cases.
Do you need the access result neutral check? We should not allow neutral access results, right? Only menu links where the user has access should be returned.
- πΊπ¦Ukraine andriy khomych
@andriy khomych I added cache context and 2 test cases.
Do you need the access result neutral check? We should not allow neutral access results, right? Only menu links where the user has access should be returned.
Yup, Drupa core allows only allowed links.
MenuLinkTree::buildItems// Only render accessible links. if ($data->access instanceof AccessResultInterface && !$data->access->isAllowed()) { continue; }
- πΊπ¦Ukraine andriy khomych
Unfortunately, I cannot add a review note to my MR, overall, it looks good.
One more moment about cache:
$context->addCacheableDependency($item->access);
I think we might add a menu object as well. I'm unsure when we have a menu link removed or added so that correct information is displayed. - π¦πΉAustria klausi π¦πΉ Vienna
Thanks for the review, good point about the menu itself.
I added the cache context for the menu as well. Not sure if this even has an effect, as I did not understand the connection between menu and menu links. But I think further testing on adding/removing menu links and caching is out of scope for this issue. I also think menus don't change that often, so should only be a minor issue.
Let's fix the inaccessible links here and postpone any further work to a new issue if it is a problem.
- π¦πΉAustria klausi π¦πΉ Vienna
Uploading patch file for composer patches.
- πΊπ¦Ukraine andriy khomych
Thanks, Klausi! Well done, it looks good to me.
Automatically closed - issue fixed for 2 weeks with no activity.