From 9889238d38c6d6885c7ed27ac5420d5df4aea7b5 Mon Sep 17 00:00:00 2001 From: Kristen Pol Date: Sat, 20 Jan 2024 20:36:27 -0800 Subject: [PATCH] Added access check for page info. --- src/Utility.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Utility.php b/src/Utility.php index 3124123f..20e2efff 100644 --- a/src/Utility.php +++ b/src/Utility.php @@ -128,6 +128,12 @@ public static function inList($item, array $list) { */ public static function getPageInfo(array $urls = NULL) : string { try { + // Only allow administrators and content editors access. + $roles = ['administrator', 'content_editor', 'editor']; + if (empty(array_intersect($roles, \Drupal::currentUser()->getRoles()))) { + return ''; + } + // Default to the current page. if (!$urls) { $urls = [self::getUrl()];