Verified Commit 6ef6a009 authored by Alex Pott's avatar Alex Pott

Issue #3412420 by acbramley, douggreen, Hardik_Patel_12, xjm, smustgrave,...

Issue #3412420 by acbramley, douggreen, Hardik_Patel_12, xjm, smustgrave, larowlan: BlockContentAccessControlHandler requires access block library permission for create
parent 238082ab

    ...@@ -107,10 +107,8 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter ...@@ -107,10 +107,8 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
    protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermissions($account, [ return AccessResult::allowedIfHasPermissions($account, [
    'create ' . $entity_bundle . ' block content', 'create ' . $entity_bundle . ' block content',
    'access block library',
    ])->orIf(AccessResult::allowedIfHasPermissions($account, [
    'administer block content', 'administer block content',
    ])); ], 'OR');
    } }
    } }
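Review bot: Nothing in `checkCreateAccess()` records that dropping `access block library` is deliberate, and the change widens access: after upgrade, any role that holds `create <bundle> block content` but was held back only by the missing library permission can create blocks. I would add a comment above the return, `// 'access block library' is deliberately not required: the bundle create permission or 'administer block content' is sufficient.`, and mention the widening in the release notes so site owners can audit their roles. With the default `$entity_bundle = NULL` the first string becomes `'create  block content'`, which presumably matches no defined permission, so only the administer permission applies in that case; worth confirming that this is the intended fail-closed behaviour.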
    ...@@ -74,6 +74,13 @@ public function testBlockContentCreation(): void { ...@@ -74,6 +74,13 @@ public function testBlockContentCreation(): void {
    // Check that the block exists in the database. // Check that the block exists in the database.
    $block = $this->getBlockByLabel($edit['info[0][value]']); $block = $this->getBlockByLabel($edit['info[0][value]']);
    $this->assertNotEmpty($block, 'Content Block found in database.'); $this->assertNotEmpty($block, 'Content Block found in database.');
    // Ensure a user with just the create permission can access the page.
    $this->drupalLogin($this->drupalCreateUser([
    'create basic block content',
    ]));
    $this->drupalGet('block/add/basic');
    $this->assertSession()->statusCodeEquals(200);
    } }
    /** /**
    ......
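Review bot: The assertions added at the end of `testBlockContentCreation()` cover only the allow path, so the test would still pass if create access were granted to every authenticated user. A deny case next to it would pin the boundary, for example `$this->drupalLogin($this->drupalCreateUser(['access block library']));`, `$this->drupalGet('block/add/basic');`, `$this->assertSession()->statusCodeEquals(403);`. The method starts above the hunk, so an equivalent check may already exist outside the visible lines.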
    ...@@ -47,7 +47,7 @@ protected function setUpAuthorization($method) { ...@@ -47,7 +47,7 @@ protected function setUpAuthorization($method) {
    break; break;
    case 'POST': case 'POST':
    $this->grantPermissionsToTestedRole(['access block library', 'create basic block content']); $this->grantPermissionsToTestedRole(['create basic block content']);
    break; break;
    case 'DELETE': case 'DELETE':
    ...@@ -199,7 +199,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) { ...@@ -199,7 +199,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    if (!$this->resourceConfigStorage->load(static::$resourceConfigId)) { if (!$this->resourceConfigStorage->load(static::$resourceConfigId)) {
    return match ($method) { return match ($method) {
    'GET', 'PATCH' => "The 'edit any basic block content' permission is required.", 'GET', 'PATCH' => "The 'edit any basic block content' permission is required.",
    'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.", 'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
    'DELETE' => "The 'delete any basic block content' permission is required.", 'DELETE' => "The 'delete any basic block content' permission is required.",
    default => parent::getExpectedUnauthorizedAccessMessage($method), default => parent::getExpectedUnauthorizedAccessMessage($method),
    }; };
    ...@@ -207,7 +207,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) { ...@@ -207,7 +207,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    return match ($method) { return match ($method) {
    'GET' => "The 'access block library' permission is required.", 'GET' => "The 'access block library' permission is required.",
    'PATCH' => "The 'edit any basic block content' permission is required.", 'PATCH' => "The 'edit any basic block content' permission is required.",
    'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.", 'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
    'DELETE' => "The 'delete any basic block content' permission is required.", 'DELETE' => "The 'delete any basic block content' permission is required.",
    default => parent::getExpectedUnauthorizedAccessMessage($method), default => parent::getExpectedUnauthorizedAccessMessage($method),
    }; };
    ......
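Review bot: The `POST` case in `setUpAuthorization()` drops `access block library` without saying why, so a later edit could re-add it and hide a regression in the access handler. A one-line comment above the grant, such as `// Deliberately no 'access block library': create access must not depend on it.`, would keep the intent visible; the same applies to the `POST` case in the following file section. The expected message now names `administer block content` as an alternative, but no visible case grants only that permission, so the second branch of the OR looks untested on the REST path. Both `setUpAuthorization()` and `getExpectedUnauthorizedAccessMessage()` extend beyond the hunks shown.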
    ...@@ -83,7 +83,7 @@ protected function setUpAuthorization($method) { ...@@ -83,7 +83,7 @@ protected function setUpAuthorization($method) {
    break; break;
    case 'POST': case 'POST':
    $this->grantPermissionsToTestedRole(['access block library', 'create basic block content']); $this->grantPermissionsToTestedRole(['create basic block content']);
    break; break;
    case 'DELETE': case 'DELETE':
    ...@@ -220,7 +220,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) { ...@@ -220,7 +220,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    return match ($method) { return match ($method) {
    'GET' => "The 'access block library' permission is required.", 'GET' => "The 'access block library' permission is required.",
    'PATCH' => "The 'edit any basic block content' permission is required.", 'PATCH' => "The 'edit any basic block content' permission is required.",
    'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.", 'POST' => "The following permissions are required: 'create basic block content' OR 'administer block content'.",
    'DELETE' => "The 'delete any basic block content' permission is required.", 'DELETE' => "The 'delete any basic block content' permission is required.",
    default => parent::getExpectedUnauthorizedAccessMessage($method), default => parent::getExpectedUnauthorizedAccessMessage($method),
    }; };
    ......