Problem/Motivation

Make other user routes admin routes.
Only deny GET and other safe methods. Ignore POST requests.

Steps to reproduce

Visit the user profile - get a 404.

Proposed resolution

There's a case where you might want logged in users to have access but not anonymous users. This is where things are tricky. I think a good default is to move all the user routes to admin and then open a follow-up issue about anon access to user info.

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork admin_ui_only-3357944

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

alexpott created an issue. See original summary.

alexpott opened merge request !4

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Title: Other user routes should be admin routes - view profile, user register, password reset. » Some important routes should not be blocked by this module - view profile, user register, password reset, batch, contextual render
Issue summary: View changes
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Active » Needs review

  • alexpott committed d68b4e9f on 1.0.x 
    Issue #3357944 by alexpott: Some important routes should not be blocked...
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.