Edit link in breadcrumb region shows even when user has no permission

#4 Works for me! Thanks.

Unfortunately, the approach with PathValidator::isValid doesn't really achieve what's needed. The permission check only looks for the permission link to any page, but that doesn't necessarily mean that the current user is allowed to edit the current entity. The rest of the patch looks ok, but the permission check needs a different approach.

I have started an MR which uses the simple entity access controller to see if the user has edit permissions.

#11: the merge was blocked by a conflict and I (unsuccessfully) tried to rebase from upstream, sorry about the mess.

#14: this is a new branch with the cherry picked commit by @jurgenhaas, with the merge conflict resolved.
I had to change the access check since that I tested the patch with different roles and with one of them (implementer) I wasn't able to see the breadcrumb despite having the "[CT]: Edit its own content" permission.

See the differences between a moderator and a implementer here:

The issue was basically the same as #3204423: Entity edit-form routes check "update" access but not "view" access, caused by the confusion of the names between "edit" and "update" permissions for the entity access check.
Before: $entity->access('edit')
After: $entity->access('update')

Now it works nicely as expected, please review.

Thanks @elgandoz for updating the MR. Unfortunately, it only applies to 1.0.x-dev but not to 1.0.0-RC3 because of this commit: https://git.drupalcode.org/project/gin_toolbar/-/commit/4e66cd7c20b249be...

But there isn't much we can do about that.

Hey @jurgenhaas, I removed the commits past your one and amended it, in order to have the 'update' access check, in the original 3319445-edit-link-in branch you created, and force-pushed.
So now the diff from MR!25 should apply on 1.0.0-RC3, while MR!30 goes on 1.0.x-dev in order to get merged.
Please check since I didn't test it.

Thanks @elgandoz that's a nice solution as well. So MR !25 is for the latest RC3 and MR !30 is for the dev release. This is working great.

Rebased

MR!30 didn't apply any longer and I've done a rebase. However, one part of the fix needs to be handled in Gin now, since the part of the template where this is required has moved over there.

The rebased one was missing some twig changes, I happened to worked on fixing this before having found this issue :facepalm:

I a very similar thing and went ahead and push it, it makes it cleaner in the the twig and uses the proper drupal services.

Overall proposal looks fine, however I've modified the MR to be a little more correct.

Updated patch for version 2.0.0

Added entity access check to version 8x.

The merge requests should be updated to target branch 2.0.x.

Thanks..

FYI while this probably would have fallen under PSA-2023-07-12, this should have been reported privately as a security issue and then discussed with the Drupal Security Team. Please try to keep this in mind if similar issues show up again. Thank you.