From 6a3b965c7dbe6d4d22cbdad4db2fd82b5e3903a0 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Tue, 23 Dec 2014 10:37:57 +0100
Subject: [PATCH] Issue #2011066 by Grimreaper, esbandeira, joshi.rohit100,
 the_contributor: example_author from
 hook_node_grants/hook_node_access_records grants all anon edit/delete to
 uid=0 nodes

---
 core/modules/node/node.api.php | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php
index fd099a95b3ba..8110c8309bd7 100644
--- a/core/modules/node/node.api.php
+++ b/core/modules/node/node.api.php
@@ -83,7 +83,9 @@ function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
   if ($account->hasPermission('access private content')) {
     $grants['example'] = array(1);
   }
-  $grants['example_author'] = array($account->id());
+  if ($account->id()) {
+    $grants['example_author'] = array($account->id());
+  }
   return $grants;
 }
 
@@ -175,14 +177,16 @@ function hook_node_access_records(\Drupal\node\NodeInterface $node) {
     // means there are many groups of just 1 user.
     // Note that an author can always view his or her nodes, even if they
     // have status unpublished.
-    $grants[] = array(
-      'realm' => 'example_author',
-      'gid' => $node->getOwnerId(),
-      'grant_view' => 1,
-      'grant_update' => 1,
-      'grant_delete' => 1,
-      'langcode' => 'ca'
-    );
+    if ($node->getOwnerId()) {
+      $grants[] = array(
+        'realm' => 'example_author',
+        'gid' => $node->getOwnerId(),
+        'grant_view' => 1,
+        'grant_update' => 1,
+        'grant_delete' => 1,
+        'langcode' => 'ca'
+      );
+    }
 
     return $grants;
   }
-- 
GitLab