Issue #2427713 by dashaforbes, mbovan: Contact module doesn't implement AccessControlHandler

core/modules/contact/src/ContactMessageAccessControlHandler.php

+<?php
+
+/**
+ * @file
+ * Contains \Drupal\contact\ContactMessageAccessControlHandler.
+ */
+
+namespace Drupal\contact;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Entity\EntityAccessControlHandler;
+use Drupal\Core\Session\AccountInterface;
+
+/**
+ * Defines the access control handler for the message form entity type.
+ *
+ * @see \Drupal\contact\Entity\Message.
+ */
+class ContactMessageAccessControlHandler extends EntityAccessControlHandler {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
+    return AccessResult::allowedIfHasPermission($account, 'access site-wide contact form');
+  }
+}

core/modules/contact/src/Entity/Message.php

@@ -19,12 +19,14 @@
  *   id = "contact_message",
  *   label = @Translation("Contact message"),
  *   handlers = {
+ *     "access" = "Drupal\contact\ContactMessageAccessControlHandler",
  *     "storage" = "Drupal\Core\Entity\ContentEntityNullStorage",
  *     "view_builder" = "Drupal\contact\MessageViewBuilder",
  *     "form" = {
  *       "default" = "Drupal\contact\MessageForm"
  *     }
  *   },
+ *   admin_permission = "administer contact forms",
  *   entity_keys = {
  *     "bundle" = "contact_form",
  *     "uuid" = "uuid"

core/modules/contact/src/Tests/MessageEntityTest.php

@@ -7,7 +7,7 @@
 namespace Drupal\contact\Tests;
 
 use Drupal\contact\Entity\Message;
-use Drupal\simpletest\KernelTestBase;
+use Drupal\system\Tests\Entity\EntityUnitTestBase;
 
 /**
  * Tests the message entity class.
@@ -15,7 +15,7 @@
  * @group contact
  * @see \Drupal\contact\Entity\Message
  */
-class MessageEntityTest extends KernelTestBase {
+class MessageEntityTest extends EntityUnitTestBase {
 
   /**
    * Modules to enable.
@@ -62,6 +62,15 @@ public function testMessageMethods() {
     $this->assertEqual($message->getSenderName(), 'sender_name');
     $this->assertEqual($message->getSenderMail(), 'sender_mail');
     $this->assertTrue($message->copySender());
+
+    $no_access_user = $this->createUser(['uid' => 2]);
+    $access_user = $this->createUser(['uid' => 3], ['access site-wide contact form']);
+    $admin = $this->createUser(['uid' => 4], ['administer contact forms']);
+
+    $this->assertFalse(\Drupal::entityManager()->getAccessControlHandler('contact_message')->createAccess(NULL, $no_access_user));
+    $this->assertTrue(\Drupal::entityManager()->getAccessControlHandler('contact_message')->createAccess(NULL, $access_user));
+    $this->assertTrue($message->access('edit', $admin));
+    $this->assertFalse($message->access('edit', $access_user));
   }
 
 }