ISTWCMS-4229: Protect menu link edit page for home page

src/Access/UwNodeAccessCheck.php

@@ -6,6 +6,7 @@ use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Routing\Access\AccessInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
 use Drupal\Core\Session\AccountInterface;
+use Drupal\menu_admin_per_menu\Access\MenuAdminPerMenuAccess;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
@@ -25,6 +26,21 @@ class UwNodeAccessCheck implements AccessInterface {
    *   The access result.
    */
   public function access(RouteMatchInterface $route_match, AccountInterface $account): AccessResult {
+    $route_name = $route_match->getRouteName();
+
+    // Menu link edit pages.
+    if ($route_name === 'menu_ui.link_edit') {
+      $menu_link_plugin = $route_match->getParameter('menu_link_plugin');
+      // Only those with permission may edit home page menu entry.
+      if ($menu_link_plugin->getPluginId() === 'uw_base_profile.front_page') {
+        return $account->hasPermission('bypass home page protection') ? AccessResult::allowed() : AccessResult::forbidden();
+      }
+      else {
+        // Otherwise, default to access set in menu_admin_per_menu.
+        $menu_admin_per_menu = new MenuAdminPerMenuAccess();
+        return $menu_admin_per_menu->menuLinkAccess($account, $menu_link_plugin);
+      }
+    }
 
     // Get the node object, which is in the route match variable.
     $node = $route_match->getParameter('node');

src/Routing/UwNodeAccessRouteSubscriber.php

@@ -18,6 +18,8 @@ class UwNodeAccessRouteSubscriber extends RouteSubscriberBase {
     $access_route_names = [
       // Node pages (/node/{nid}).
       'entity.node.canonical',
+      // Menu link edit pages.
+      'menu_ui.link_edit',
     ];
     foreach ($access_route_names as $route_name) {
       if ($route = $collection->get($route_name)) {