diff --git a/src/Access/UwNodeAccessCheck.php b/src/Access/UwNodeAccessCheck.php
index 21019ee707ffe03d7c8c9ca237692ba395d82a51..1d0a61e73bd13611dd624b11f928c1ab662fa109 100644
--- a/src/Access/UwNodeAccessCheck.php
+++ b/src/Access/UwNodeAccessCheck.php
@@ -27,37 +27,38 @@ class UwNodeAccessCheck implements AccessInterface {
* The access result.
*/
public function access(RouteMatchInterface $route_match, AccountInterface $account): AccessResult {
- $route_name = $route_match->getRouteName();
-
- // Menu link edit pages.
- if ($route_name === 'menu_ui.link_edit') {
- $menu_link_plugin = $route_match->getParameter('menu_link_plugin');
- // Only those with permission may edit home page menu entry.
- if ($menu_link_plugin->getPluginId() === 'uw_base_profile.front_page') {
- return $account->hasPermission('bypass home page protection') ? AccessResult::allowed() : AccessResult::forbidden();
- }
- else {
+ switch ($route_match->getRouteName()) {
+ // Menu link edit pages.
+ case 'menu_ui.link_edit':
+ $menu_link_plugin = $route_match->getParameter('menu_link_plugin');
+ // Only those with permission may edit home page menu entry.
+ if ($menu_link_plugin->getPluginId() === 'uw_base_profile.front_page') {
+ return $account->hasPermission('bypass home page protection') ? AccessResult::allowed() : AccessResult::forbidden();
+ }
// Otherwise, default to access set in menu_admin_per_menu.
$menu_admin_per_menu = new MenuAdminPerMenuAccess();
return $menu_admin_per_menu->menuLinkAccess($account, $menu_link_plugin);
- }
- }
- // Node delete pages.
- if ($route_name === 'entity.node.delete_form') {
- $node = $route_match->getParameter('node');
- // Only those with permission may delete the home page.
- if ($node && UWService::nodeIsHomePage((int) $node->id())) {
- return $account->hasPermission('bypass home page protection') ? AccessResult::allowed() : AccessResult::forbidden();
- }
- else {
+ // Node delete pages.
+ case 'entity.node.delete_form':
+ $node = $route_match->getParameter('node');
+ // Only those with permission may delete the home page.
+ if ($node && UWService::nodeIsHomePage((int) $node->id())) {
+ return $account->hasPermission('bypass home page protection') ? AccessResult::allowed() : AccessResult::forbidden();
+ }
return AccessResult::allowed();
- }
- }
- // Dashboard config: admin/config/dashboards/dashboardssettings.
- if ($route_name === 'dashboards.dashboards_settings_form') {
- return $account->hasPermission('access dashboard config') ? AccessResult::allowed() : AccessResult::forbidden();
+ // Dashboard config: admin/config/dashboards/dashboardssettings.
+ case 'dashboards.dashboards_settings_form':
+ return $account->hasPermission('access dashboard config') ? AccessResult::allowed() : AccessResult::forbidden();
+
+ // Menu link add, edit, and delete pages.
+ case 'entity.menu.add_link_form':
+ case 'entity.menu_link_content.canonical':
+ case 'entity.menu_link_content.edit_form':
+ case 'entity.menu_link_content.delete_form':
+ return $account->hasPermission('administer menu') ? AccessResult::allowed() : AccessResult::forbidden();
+
}
// Get the node object, which is in the route match variable.
diff --git a/src/Routing/UwNodeAccessRouteSubscriber.php b/src/Routing/UwNodeAccessRouteSubscriber.php
index 2036afa76383ece69e24006700113fc974592488..ce6845ff4e2aac98a699e295fbd41b36d422a037 100644
--- a/src/Routing/UwNodeAccessRouteSubscriber.php
+++ b/src/Routing/UwNodeAccessRouteSubscriber.php
@@ -24,6 +24,16 @@ class UwNodeAccessRouteSubscriber extends RouteSubscriberBase {
'entity.node.delete_form',
// Menu link edit pages.
'menu_ui.link_edit',
+ // Menu link add page.
+ // Path admin/structure/menu/manage/{menu}/add.
+ 'entity.menu.add_link_form',
+ // Menu link edit page.
+ // Path admin/structure/menu/item/{menu_link_content}/edit.
+ 'entity.menu_link_content.canonical',
+ 'entity.menu_link_content.edit_form',
+ // Menu link delete page.
+ // Path admin/structure/menu/item/{menu_link_content}/delete.
+ 'entity.menu_link_content.delete_form',
];
foreach ($access_route_names as $route_name) {
if ($route = $collection->get($route_name)) {
diff --git a/uw_cfg_common.module b/uw_cfg_common.module
index 1bc2d461fec71764e0c0e0ee2d24936417e15c5c..8f9392eb0bfad7d708f824b6851ccd38edb3631f 100644
--- a/uw_cfg_common.module
+++ b/uw_cfg_common.module
@@ -9,6 +9,7 @@ use Drupal\Component\Utility\Html;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Render\Element;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\media_library\MediaLibraryState;
@@ -470,11 +471,18 @@ function uw_cfg_common_form_node_uw_ct_web_page_edit_form_alter(array &$form, Fo
/**
* Implements hook_form_FORM_ID_alter().
*
- * Menu edit form: admin/structure/menu/manage/main.
- *
- * Prevent certain changes to the home page.
+ * Menu edit form: admin/structure/menu/manage/{menu}.
*/
function uw_cfg_common_form_menu_edit_form_alter(array &$form, FormStateInterface $form_state, string $form_id): void {
+ // Hide links to menu edit and delete for non-admin.
+ if (!\Drupal::currentUser()->hasPermission('administer menu')) {
+ foreach (Element::children($form['links']['links']) as $element_key) {
+ $form['links']['links'][$element_key]['operations']['#access'] = FALSE;
+ }
+ }
+
+ // Prevent certain changes to the home page.
+ //
// No changes for those with access.
if (\Drupal::currentUser()->hasPermission('bypass home page protection')) {
return;