Problem/Motivation

Entity Blueprint exposes powerful read and write operations that AI agents invoke on behalf of a Drupal user. Those operations must respect the acting user's permissions, otherwise a tool call becomes an information-disclosure or privilege-escalation vector.

Comments

tim bozeman created an issue. See original summary.

  • tim bozeman committed 9ed71a37 on 1.0.x
    fix: #3595052 Enforce per-user access control across all blueprint read/...
tim bozeman’s picture

Status: Reviewed & tested by the community » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.