Commit 7f109e94 authored by Liam Morland's avatar Liam Morland

ISTWCMS-5085: Prevent non-admin access to menu add, edit, and delete pages

parent ddb2e84a
1 merge request!153ISTWCMS-5085: Prevent non-admin access to menu add, edit, and delete
...@@ -52,6 +52,13 @@ class UwNodeAccessCheck implements AccessInterface { ...@@ -52,6 +52,13 @@ class UwNodeAccessCheck implements AccessInterface {
case 'dashboards.dashboards_settings_form': case 'dashboards.dashboards_settings_form':
return $account->hasPermission('access dashboard config') ? AccessResult::allowed() : AccessResult::forbidden(); return $account->hasPermission('access dashboard config') ? AccessResult::allowed() : AccessResult::forbidden();
// Menu link add, edit, and delete pages.
case 'entity.menu.add_link_form':
case 'entity.menu_link_content.canonical':
case 'entity.menu_link_content.edit_form':
case 'entity.menu_link_content.delete_form':
return $account->hasPermission('administer menu') ? AccessResult::allowed() : AccessResult::forbidden();
} }
// Get the node object, which is in the route match variable. // Get the node object, which is in the route match variable.
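Review bot: The `administer menu` return that closes the added case group yields a bare `AccessResult::allowed()` / `AccessResult::forbidden()` with no cacheability metadata, although the outcome depends on the account's permissions. Anything that caches on this result has no `user.permissions` context to vary by, so I would attach it: `return ($account->hasPermission('administer menu') ? AccessResult::allowed() : AccessResult::forbidden())->cachePerPermissions();`. The existing dashboards case just above uses the same pattern and could be changed at the same time. The switch and its enclosing method start and end outside this hunk, so how this result is combined with the routes' own entity access requirements is not visible here and is worth confirming.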
......
...@@ -24,6 +24,16 @@ class UwNodeAccessRouteSubscriber extends RouteSubscriberBase { ...@@ -24,6 +24,16 @@ class UwNodeAccessRouteSubscriber extends RouteSubscriberBase {
'entity.node.delete_form', 'entity.node.delete_form',
// Menu link edit pages. // Menu link edit pages.
'menu_ui.link_edit', 'menu_ui.link_edit',
// Menu link add page.
// Path admin/structure/menu/manage/{menu}/add.
'entity.menu.add_link_form',
// Menu link edit page.
// Path admin/structure/menu/item/{menu_link_content}/edit.
'entity.menu_link_content.canonical',
'entity.menu_link_content.edit_form',
// Menu link delete page.
// Path admin/structure/menu/item/{menu_link_content}/delete.
'entity.menu_link_content.delete_form',
]; ];
foreach ($access_route_names as $route_name) { foreach ($access_route_names as $route_name) {
if ($route = $collection->get($route_name)) { if ($route = $collection->get($route_name)) {
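Review bot: The four route names added to `$access_route_names` duplicate the `case` labels added in UwNodeAccessCheck, and nothing ties the two lists together. A route listed here without a matching case would presumably fall through to the node-based logic that follows the switch, which has no node to work with on a menu route. Separately, `if ($route = $collection->get($route_name))` skips a missing or renamed route silently, so the restriction can disappear after an upstream route rename without any signal. I would add a comment above the array, `// Every route listed here needs a matching case in UwNodeAccessCheck.`, and consider logging when a listed route is not found. The array and the loop body continue outside this hunk.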
......