From 02513abe698f5d0917f950ebc828fc8693267cb2 Mon Sep 17 00:00:00 2001
From: catch <6915-catch@users.noreply.drupalcode.org>
Date: Mon, 10 Mar 2025 18:09:39 +0000
Subject: [PATCH] Issue #3196245 by prudloff, longwave, smustgrave, berdir,
 catch: UserPermissionsForm should not use overridden permissions

---
 .../user/src/Form/UserPermissionsForm.php     |  2 +-
 .../src/ConfigOverrider.php                   | 49 +++++++++++++++++++
 .../user_config_override_test.info.yml        |  4 ++
 .../user_config_override_test.services.yml    |  5 ++
 .../src/Functional/UserPermissionsTest.php    | 19 +++++++
 5 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 core/modules/user/tests/modules/user_config_override_test/src/ConfigOverrider.php
 create mode 100644 core/modules/user/tests/modules/user_config_override_test/user_config_override_test.info.yml
 create mode 100644 core/modules/user/tests/modules/user_config_override_test/user_config_override_test.services.yml

diff --git a/core/modules/user/src/Form/UserPermissionsForm.php b/core/modules/user/src/Form/UserPermissionsForm.php
index 0428925fa032..95409cbe227d 100644
--- a/core/modules/user/src/Form/UserPermissionsForm.php
+++ b/core/modules/user/src/Form/UserPermissionsForm.php
@@ -86,7 +86,7 @@ public function getFormId() {
    *   An array of role objects.
    */
   protected function getRoles() {
-    return $this->roleStorage->loadMultiple();
+    return $this->roleStorage->loadMultipleOverrideFree();
   }
 
   /**
diff --git a/core/modules/user/tests/modules/user_config_override_test/src/ConfigOverrider.php b/core/modules/user/tests/modules/user_config_override_test/src/ConfigOverrider.php
new file mode 100644
index 000000000000..c5ba5ad89eaf
--- /dev/null
+++ b/core/modules/user/tests/modules/user_config_override_test/src/ConfigOverrider.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\user_config_override_test;
+
+use Drupal\Core\Config\StorableConfigBase;
+use Drupal\Core\Cache\CacheableMetadata;
+use Drupal\Core\Config\ConfigFactoryOverrideInterface;
+use Drupal\Core\Config\StorageInterface;
+
+/**
+ * Tests overridden permissions.
+ */
+class ConfigOverrider implements ConfigFactoryOverrideInterface {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function loadOverrides($names): array {
+    return [
+      'user.role.anonymous' => [
+        'permissions' => [9999 => 'access content'],
+      ],
+    ];
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getCacheSuffix(): string {
+    return 'user_config_override_test';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getCacheableMetadata($name): CacheableMetadata {
+    return new CacheableMetadata();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function createConfigObject($name, $collection = StorageInterface::DEFAULT_COLLECTION): StorableConfigBase|null {
+    return NULL;
+  }
+
+}
diff --git a/core/modules/user/tests/modules/user_config_override_test/user_config_override_test.info.yml b/core/modules/user/tests/modules/user_config_override_test/user_config_override_test.info.yml
new file mode 100644
index 000000000000..2ccb5cfb2672
--- /dev/null
+++ b/core/modules/user/tests/modules/user_config_override_test/user_config_override_test.info.yml
@@ -0,0 +1,4 @@
+name: 'Permission config overrider'
+type: module
+package: Testing
+version: VERSION
diff --git a/core/modules/user/tests/modules/user_config_override_test/user_config_override_test.services.yml b/core/modules/user/tests/modules/user_config_override_test/user_config_override_test.services.yml
new file mode 100644
index 000000000000..3ed295dd8000
--- /dev/null
+++ b/core/modules/user/tests/modules/user_config_override_test/user_config_override_test.services.yml
@@ -0,0 +1,5 @@
+services:
+  user_config_override_test.overrider:
+    class: Drupal\user_config_override_test\ConfigOverrider
+    tags:
+      - { name: config.factory.override }
diff --git a/core/modules/user/tests/src/Functional/UserPermissionsTest.php b/core/modules/user/tests/src/Functional/UserPermissionsTest.php
index b9faf6363186..456ec9067548 100644
--- a/core/modules/user/tests/src/Functional/UserPermissionsTest.php
+++ b/core/modules/user/tests/src/Functional/UserPermissionsTest.php
@@ -37,6 +37,13 @@ class UserPermissionsTest extends BrowserTestBase {
    */
   protected $defaultTheme = 'stark';
 
+  /**
+   * {@inheritdoc}
+   */
+  protected static $modules = [
+    'user_config_override_test',
+  ];
+
   /**
    * {@inheritdoc}
    */
@@ -333,4 +340,16 @@ public function testBundlePermissionError(): void {
     $assert_session->pageTextNotContains("Entity view display 'node.article.default': Component");
   }
 
+  /**
+   * Verify that the permission form does not use overridden config.
+   *
+   * @see \Drupal\user_config_override_test\ConfigOverrider
+   */
+  public function testOverriddenPermission(): void {
+    $this->drupalLogin($this->adminUser);
+
+    $this->drupalGet('admin/people/permissions');
+    $this->assertSession()->checkboxNotChecked('anonymous[access content]');
+  }
+
 }
-- 
GitLab