You are here

Layout Builder access in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/layout_builder/layout_builder.api.php \layout_builder_access
  2. 9 core/modules/layout_builder/layout_builder.api.php \layout_builder_access

In determining access rights for the Layout Builder UI, \Drupal\layout_builder\Access\LayoutBuilderAccessCheck checks if the specified section storage plugin (an implementation of \Drupal\layout_builder\SectionStorageInterface) grants access.

By default, the Layout Builder access check requires the 'configure any layout' permission. Individual section storage plugins may override this by setting the 'handles_permission_check' annotation key to TRUE. Any section storage plugin that uses 'handles_permission_check' must provide its own complete routing access checking to avoid any access bypasses.

This access checking is only enforced on the routing level (not on the entity or field level) with additional form access restrictions. All HTTP API access to Layout Builder data is currently forbidden.

See also

https://www.drupal.org/project/drupal/issues/2942975

File

core/modules/layout_builder/layout_builder.api.php, line 8
Hooks provided by the Layout Builder module.

Functions

Classes

Namesort descending Location Description
LayoutBuilderAccessCheck core/modules/layout_builder/src/Access/LayoutBuilderAccessCheck.php Provides an access check for the Layout Builder defaults.