Users with lesser permissions cannot preview a page

Created on 1 July 2025, 26 days ago

Overview

If the user cannot edit config (asset library, code components) the preview does not render. That is because the preview gets those config from auto-save which requires `edit` permission. The GET routes should use `.view`.

Proposed resolution

Example of our fix

    $collection->get('experience_builder.api.config.auto-save.get.js')
      ?->setRequirement('_entity_access', 'xb_config_entity.view');
    $collection->get('experience_builder.api.config.auto-save.get.css')
      ?->setRequirement('_entity_access', 'xb_config_entity.view');

User interface changes

๐Ÿ› Bug report
Status

Active

Version

0.0

Component

โ€ฆย to be triaged

Created by

๐Ÿ‡บ๐Ÿ‡ธUnited States mglaman WI, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024