From 16da1ce85beae654fd9789daeb5dc40d2f15fd25 Mon Sep 17 00:00:00 2001
From: Lauri Eskola <lauri.eskola@acquia.com>
Date: Tue, 21 Mar 2023 12:08:45 +0200
Subject: [PATCH] Issue #3347816 by mpp, AlexGreen, lauriii: Only show link to
 taxonomy overview when user has access

---
 core/modules/taxonomy/src/TermForm.php                 |  1 +
 .../modules/taxonomy/tests/src/Functional/TermTest.php | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/core/modules/taxonomy/src/TermForm.php b/core/modules/taxonomy/src/TermForm.php
index d5966ccf0179..ee84dd6995f9 100644
--- a/core/modules/taxonomy/src/TermForm.php
+++ b/core/modules/taxonomy/src/TermForm.php
@@ -109,6 +109,7 @@ protected function actions(array $form, FormStateInterface $form_state) {
         '#value' => $this->t('Save and go to list'),
         '#weight' => 20,
         '#submit' => array_merge($element['submit']['#submit'], ['::overview']),
+        '#access' => $this->currentUser()->hasPermission('access taxonomy overview'),
       ];
     }
 
diff --git a/core/modules/taxonomy/tests/src/Functional/TermTest.php b/core/modules/taxonomy/tests/src/Functional/TermTest.php
index 98fa1b65e546..26137071ab56 100644
--- a/core/modules/taxonomy/tests/src/Functional/TermTest.php
+++ b/core/modules/taxonomy/tests/src/Functional/TermTest.php
@@ -56,6 +56,7 @@ protected function setUp(): void {
 
     $this->drupalLogin($this->drupalCreateUser([
       'administer taxonomy',
+      'access taxonomy overview',
       'bypass node access',
     ]));
     $this->vocabulary = $this->createVocabulary();
@@ -437,6 +438,15 @@ public function testTermInterface() {
     // parameter is present.
     $this->drupalGet('admin/structure/taxonomy/manage/' . $this->vocabulary->id() . '/add', ['query' => ['destination' => 'node/add']]);
     $this->assertSession()->pageTextNotContains('Save and go to list');
+
+    // Validate that "Save and go to list" doesn't exist when missing permission
+    // 'access taxonomy overview'.
+    $this->drupalLogin($this->drupalCreateUser([
+      'administer taxonomy',
+      'bypass node access',
+    ]));
+    $this->drupalGet('admin/structure/taxonomy/manage/' . $this->vocabulary->id() . '/add');
+    $this->assertSession()->pageTextNotContains('Save and go to list');
   }
 
   /**
-- 
GitLab