Problem/Motivation

Layout Builder uses Contextual Links to let the the user configure, move or remove blocks. For being able to use them, the "access contextual links" permission is required. Without having that permission, the Layout Builder usability is very limited, because then you're able to add blocks, but cannot configure or remove them anymore - due to missing links in the UI.

I have a use case where contextual links are not desired, especially on node view pages. The reason behind that is, that contextual links might introduce problems due to its "injective" behavior. The current situation - without involving additional development - now forces me to decide:

  • Either Layout Builder will be used which means contextual links anywhere else, or
  • not having contextual links and therefore not having a usable Layout Builder.

Proposed resolution

Users being allowed to use the Layout Builder should be able to use it in its full manner, regardless of "access contextual links".
Two possible ways maybe:

  1. Just ignore the contextual links permission or
  2. Ignore the contextual links permission and introduce Layout Builder's own permission regards the usage of contextual links within Layout Builder.

Remaining tasks

This should be discussed I guess, as there might be other cases around that. Some also might see a security risk here?

User interface changes

I guess none for almost any user.

API changes

I guess the Contextual Links module takes care regards permissions on its own, thus the solution might be a little bit more complex...

Comments

mxh created an issue. See original summary.

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
CreditAttribution: tim.plunkett at Acquia commented
Related issues: +#3042516: Re-evaluate whether Contextual Links are the best interaction for configuring/moving/deleting blocks in Layout Builder

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.0-alpha1 was released on May 6, 2022, which means new developments and disruptive changes should now be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.