- Issue created by @mglaman
- ๐บ๐ธUnited States effulgentsia
"view" as the entity operation makes sense, but I think if we do that, we need to also make sure that the access handler uses a permission like "view unpublished" or "view latest version" (see Content Moderation for reference) if the entity is the one that's in auto-save.
- ๐บ๐ธUnited States mglaman WI, USA
The problematic entities were config entities which don't support revisions. Not the actual entity being edited itself. I don't know if this effects regular conponen config for SDCs
- ๐บ๐ธUnited States mglaman WI, USA
Flagging for tests. There must be existing tests that have missing coverage.
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
This title is very misleading ๐ ๐ฌ
This was introduced in ๐ Code Components should render with their auto-saved state(if any) when rendered in the XB UI Active .
So I went to investigate how we agreed this was supposed to work: when should code components load their auto-saved vs live CSS+JS code? ๐ต๏ธ
I wrote ~4 months ago at #3500386-35: Code Components should render with their auto-saved state (if any) when rendered in the XB UI โ :
should not only only apply to that route, but also only to users who have sufficient permissions: if they lack the
administer code components
permission, they should not be able to see draft (auto-saved) states of edited code components.
I think that can become a third MR here.Which @effulgentsia disagreed with at #3500386-38: Code Components should render with their auto-saved state (if any) when rendered in the XB UI โ :
I don't think that's correct. If they have permission to use the code component within XB's page builder (if we don't yet have granular permissions for this, this is ), then they should see what their component instance looks like in their content, using the draft state of the JS and CSS.
The underline (added by me) is what ๐ Add permission for "Use Experience Builder" Active is about to land! ๐ฅณ
We then agreed at #3500386-39: Code Components should render with their auto-saved state (if any) when rendered in the XB UI โ to do this in ๐ Add access control for "code components" and "asset libraries", special case: instantiated code components must be accessible to *all* Active , but we never did โ or rather: in #3508694 we did change the route requirement for the routes discussed here like so:
requirements: _permission: 'administer code components' _xb_http_eligible_config_entity: 'TRUE' _entity_access: 'xb_config_entity.edit'
So โฆ once ๐ Add access control for "code components" and "asset libraries", special case: instantiated code components must be accessible to *all* Active lands, this should become trivial to support :)
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
Pushed solution. Test coverage should be trivial to add in
\Drupal\Tests\experience_builder\Functional\AssetLibraryAttachmentTest::test()
.Note that the MR will fail until ๐ Add permission for "Use Experience Builder" Active 's lands.
- Merge request !1241Implement https://www.drupal.org/project/experience_builder/issues/3533461#comment-16181021. โ (Merged) created by wim leers
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
๐ Add permission for "Use Experience Builder" Active just landed ๐ฅณ
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
See https://git.drupalcode.org/project/experience_builder/-/merge_requests/1... โ now you can review to see if it all makes (hopefully MUCH) more sense? ๐ค
-
wim leers โ
committed 2e5c7a4c on 0.x
Issue #3533461 by wim leers, thoward216, mglaman, effulgentsia: Only...
-
wim leers โ
committed 2e5c7a4c on 0.x
Automatically closed - issue fixed for 2 weeks with no activity.