The links will be gone, but if someone can guess, they would be able to add/delete/edit blocks/sections and so on.

CommentFileSizeAuthor
#10 3109476-10.patch15.63 KBswentel
#9 3109476-9.patch15.55 KBswentel
#8 3109476-8.patch15.24 KBswentel
#7 3109476-6.patch13.27 KBswentel
#5 3109476-5.patch13.15 KBswentel
#3 3109476-3.patch10.5 KBswentel
#4 3109476-4.patch13.21 KBswentel
#4 3109476-4-fail.patch4.34 KBswentel
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

swentel created an issue. See original summary.

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
Status: Active » Needs review

This patch uses a technique which is also used by Layout Builder Perms, so they could end up clashing with each other when used together.
It swaps the LayoutBuilderAccessCheck class.

I've been wondering though whether it wouldn't make more sense to override OverridesSectionStorage (which then might clash with layout builder at, but since I maintain both, I can easily write a workaround for that).

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-3.patch10.5 KB

And now with patch

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-4-fail.patch4.34 KB
3109476-4.patch13.21 KB

We now have tests. Uploaded failing and pass test patches.
Still needs check for all other routes.

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-5.patch13.15 KB

removed the debug drupal_set_message call

swentel credited tim.plunkett.

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-6.patch13.27 KB

New patch with a more elegant solution: adding a new access check so both are chained! Credits to Tim for this one! :)

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-8.patch15.24 KB

More route checking, LOCKED_SECTION_BLOCK_MOVE is the last one

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-9.patch15.55 KB

With LOCKED_SECTION_BLOCK_MOVE now too ... manually tested to be sure as I don't really call a route right now in the test.

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
FileSize
3109476-10.patch15.63 KB

Another check for removal of section

  • swentel committed 2fa1a7a on 8.x-1.x 
    Issue #3109476: protect route access
swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
Status: Needs review » Fixed

Done

swentel’s picture

swentel CreditAttribution: swentel at eps & kaas for Dropsolid commented
Status: Fixed » Closed (fixed)