Issue #3412420 by acbramley, douggreen, Hardik_Patel_12, xjm, smustgrave,...

Issue #3412420 by acbramley, douggreen, Hardik_Patel_12, xjm, smustgrave, larowlan: BlockContentAccessControlHandler requires access block library permission for create

Issue #3412420 by acbramley, douggreen, Hardik_Patel_12, xjm, smustgrave,...
6ef6a009 · Alex Pott · 238082ab · 6ef6a009 · 6ef6a009 · 6ef6a009
Verified Commit 6ef6a009 authored Jul 11, 2024 by Alex Pott
--- a/core/modules/block_content/src/BlockContentAccessControlHandler.php
+++ b/core/modules/block_content/src/BlockContentAccessControlHandler.php
@@ -107,10 +107,8 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermissions($account, [
      'create ' . $entity_bundle . ' block content',
-      'access block library',
-    ])->orIf(AccessResult::allowedIfHasPermissions($account, [
      'administer block content',
-    ]));
+    ], 'OR');
  }

 }
--- a/core/modules/block_content/tests/src/Functional/BlockContentCreationTest.php
+++ b/core/modules/block_content/tests/src/Functional/BlockContentCreationTest.php
@@ -74,6 +74,13 @@ public function testBlockContentCreation(): void {
    // Check that the block exists in the database.
    $block = $this->getBlockByLabel($edit['info[0][value]']);
    $this->assertNotEmpty($block, 'Content Block found in database.');
+
+    // Ensure a user with just the create permission can access the page.
+    $this->drupalLogin($this->drupalCreateUser([
+      'create basic block content',
+    ]));
+    $this->drupalGet('block/add/basic');
+    $this->assertSession()->statusCodeEquals(200);
  }

  /**

--- a/core/modules/block_content/tests/src/Functional/Rest/BlockContentResourceTestBase.php
+++ b/core/modules/block_content/tests/src/Functional/Rest/BlockContentResourceTestBase.php
@@ -47,7 +47,7 @@ protected function setUpAuthorization($method) {
        break;

      case 'POST':
-        $this->grantPermissionsToTestedRole(['access block library', 'create basic block content']);
+        $this->grantPermissionsToTestedRole(['create basic block content']);
        break;

      case 'DELETE':
@@ -199,7 +199,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    if (!$this->resourceConfigStorage->load(static::$resourceConfigId)) {
      return match ($method) {
        'GET', 'PATCH' => "The 'edit any basic block content' permission is required.",
-        'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
+        'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
        'DELETE' => "The 'delete any basic block content' permission is required.",
        default => parent::getExpectedUnauthorizedAccessMessage($method),
      };
@@ -207,7 +207,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    return match ($method) {
      'GET' => "The 'access block library' permission is required.",
      'PATCH' => "The 'edit any basic block content' permission is required.",
-      'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
+      'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
      'DELETE' => "The 'delete any basic block content' permission is required.",
      default => parent::getExpectedUnauthorizedAccessMessage($method),
    };

--- a/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php
+++ b/core/modules/jsonapi/tests/src/Functional/BlockContentTest.php
@@ -83,7 +83,7 @@ protected function setUpAuthorization($method) {
        break;

      case 'POST':
-        $this->grantPermissionsToTestedRole(['access block library', 'create basic block content']);
+        $this->grantPermissionsToTestedRole(['create basic block content']);
        break;

      case 'DELETE':
@@ -220,7 +220,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    return match ($method) {
      'GET' => "The 'access block library' permission is required.",
      'PATCH' => "The 'edit any basic block content' permission is required.",
-      'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
+      'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
      'DELETE' => "The 'delete any basic block content' permission is required.",
      default => parent::getExpectedUnauthorizedAccessMessage($method),
    };