Pass current user's XB permissions to the XB UI

Created on 1 April 2025, 1 day ago

Overview

The following permissions determine access to high-level features in the XB UI, and will allow the UI to perform a simple if (boolean) { show(); }-style check:

  1. Administer Page Template (for PageRegion config entities, which together make up the "page template") → show the Move to global region option in context menus … or not
  2. Administer Sections (for Pattern config entities) → show "Create section" in context menus … or not (⚠️ list of sections to use is always available!)
  3. Administer Code Components (for JavaScriptComponent and AssetLibrary config entities) → show "Add component" and "Code" in sidebar + request /xb/api/js_component … or not

Partially blocked on 📌 Add access control for "code components" and "asset libraries", special case: instantiated code components must be accessible to *all* (Active), because Pattern doesn't yet have the appropriate permission.

Proposed resolution

diff --git a/src/Controller/ExperienceBuilderController.php b/src/Controller/ExperienceBuilderController.php
index 94dfed312..f1878b80f 100644
@@ -110,6 +111,11 @@ HTML;
             'jsFooter' => $this->assetRenderer->renderJsFooterAssets($preview_assets),
           ],
           'xbModulePath' => $xb_module_path,
+          'permissions' => [
+            'globalRegion' => $this->currentUser->hasPermission(PageRegion::ADMIN_PERMISSION),
+            'sections' => $this->currentUser->hasPermission(Pattern::ADMIN_PERMISSION),
+            'codeComponents' => $this->currentUser->hasPermission(JavaScriptComponent::ADMIN_PERMISSION),
+          ],
         ],
       ],
       // Note: the tokens here are under our control, and this accepts no user
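Review bot: The new 'permissions' array carries no comment saying that these three booleans are display hints only, so a later reader could take the client-side check for the access control itself. Please add a short comment above 'permissions' stating that the flags only decide what the UI shows, and that the corresponding routes (the issue summary names /xb/api/js_component) must still check PageRegion::ADMIN_PERMISSION, Pattern::ADMIN_PERMISSION and JavaScriptComponent::ADMIN_PERMISSION on the server. Since the values now depend on $this->currentUser, it is also worth confirming that this settings payload either is not cached or varies by the user's permissions, so one user's flags are never served to another.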

User interface changes

None; that's for Create React Permission Utilities (Active) and related issues to tackle.

📌 Task
Status

Active

Version

0.0

Component

Internal HTTP API

Created by

🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
