From 2023ce8e0c8df3c875f09d21037914cfd34e425f Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Tue, 17 Apr 2018 13:06:06 +0100
Subject: [PATCH] Issue #2950125 by owenbush, Wim Leers: Add helpful reason for
 'update' and 'delete' access not being allowed to CommentAccessControlHandler

---
 core/modules/comment/src/CommentAccessControlHandler.php   | 7 ++++++-
 .../EntityResource/Comment/CommentResourceTestBase.php     | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/modules/comment/src/CommentAccessControlHandler.php b/core/modules/comment/src/CommentAccessControlHandler.php
index bcb0fd7a082b..6e811a97d31f 100644
--- a/core/modules/comment/src/CommentAccessControlHandler.php
+++ b/core/modules/comment/src/CommentAccessControlHandler.php
@@ -45,7 +45,12 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
         return $access_result;
 
       case 'update':
-        return AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
+        $access_result = AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))
+          ->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
+        if (!$access_result->isAllowed()) {
+          $access_result->setReason("The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.");
+        }
+        return $access_result;
 
       default:
         // No opinion.
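Review bot: The reason set in the `update` case appears to reach the client, since the REST test in this commit expects the same sentence as the unauthorized message for `PATCH`, and nothing in the code records that its wording is security-relevant. Keeping it as one combined sentence is the right call, because it does not tell an unauthorised caller whether the comment is unpublished or belongs to someone else. A comment above the `if` would stop a later edit from splitting it into per-condition reasons: `// Keep this reason generic: it is shown to the client and must not reveal which condition failed.` Separately, the subject mentions 'delete', but only `update` gets a reason here and the test hunk adds only a `PATCH` case. The switch in `checkAccess()` starts and ends outside the hunk, so confirm whether `delete` is handled elsewhere or still returns a reason-less result.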
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php
index d3098545cdfe..768fb742a983 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php
@@ -335,6 +335,8 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
         return "The 'access comments' permission is required and the comment must be published.";
       case 'POST';
         return "The 'post comments' permission is required.";
+      case 'PATCH';
+        return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.";
       default:
         return parent::getExpectedUnauthorizedAccessMessage($method);
     }
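Review bot: The added label `case 'PATCH';` ends with a semicolon rather than a colon. PHP accepts this and it matches the existing `case 'POST';` just above, but the colon is the conventional form and the semicolon is easily read as a typo. Suggest `case 'PATCH':` here and correcting the `POST` label in the same pass. `getExpectedUnauthorizedAccessMessage()` begins outside the hunk, so any earlier labels are not visible here.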
-- 
GitLab