From 9baa43976cd089a3d59da2e20633cd5e87d9d46e Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Tue, 9 Apr 2024 11:48:50 +0100
Subject: [PATCH] =?UTF-8?q?Issue=20#540008=20by=20kristiaanvandeneynde,=20?=
=?UTF-8?q?Spokje,=20daffie,=20clayfreeman,=20alexpott,=20eelkeblok,=20mic?=
=?UTF-8?q?haelfavia,=20ianthomas=5Fuk,=20zaporylie,=20johnwebdev,=20abhis?=
=?UTF-8?q?ekmazumdar,=20anmolgoyal74,=20greggles,=20quietone,=20shaal,=20?=
=?UTF-8?q?catch,=20rivimey,=20AaronMcHale,=20Berdir,=20ndf,=20xjm,=20finn?=
=?UTF-8?q?e,=20Wim=20Leers,=20esolitos,=20heddn,=20webchick,=20Bojhan,=20?=
=?UTF-8?q?andypost,=20efpapado,=20benjifisher,=20lauriii,=20G=C3=A1bor=20?=
=?UTF-8?q?Hojtsy,=20moshe=20weitzman,=20harings=5Frob:=20Add=20a=20contai?=
=?UTF-8?q?ner=20parameter=20that=20can=20remove=20the=20special=20behavio?=
=?UTF-8?q?r=20of=20UID#1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../scaffold/files/default.services.yml | 4 ++
core/core.services.yml | 1 +
core/lib/Drupal/Core/CoreServiceProvider.php | 3 ++
.../Compiler/SuperUserAccessPolicyPass.php | 23 ++++++++
.../Core/Test/FunctionalTestSetupTrait.php | 18 +++++++
.../tests/src/Functional/BlockHtmlTest.php | 8 +++
.../tests/src/Functional/BlockXssTest.php | 8 +++
.../BlockContextualLinksTest.php | 8 +++
.../src/Functional/CommentStatisticsTest.php | 8 +++
.../Functional/ConfigExportImportUITest.php | 8 +++
.../LanguageNegotiationFormOverrideTest.php | 8 +++
.../ModerationContentTranslationTest.php | 8 +++
.../src/Functional/ModerationFormTest.php | 8 +++
.../src/Functional/ModerationLocaleTest.php | 8 +++
.../Functional/ModerationStateBlockTest.php | 8 +++
...kspaceContentModerationIntegrationTest.php | 8 +++
.../EntityStateChangeValidationTest.php | 8 +++
.../ContentTranslationEnableTest.php | 8 +++
...ewTranslationWithExistingRevisionsTest.php | 8 +++
...slationOutdatedRevisionTranslationTest.php | 8 +++
...slationRevisionTranslationDeletionTest.php | 8 +++
...entTranslationUntranslatableFieldsTest.php | 8 +++
.../EntityReferenceXSSTest.php | 8 +++
.../FieldDefaultValueCallbackTest.php | 8 +++
.../tests/src/Functional/FieldUIRouteTest.php | 8 +++
.../file/tests/src/Kernel/SaveTest.php | 8 +++
.../src/Functional/ForumUninstallTest.php | 8 +++
.../help/tests/src/Functional/HelpTest.php | 8 +++
.../src/Functional/HelpTopicSearchTest.php | 8 +++
.../src/Functional/HelpTopicsSyntaxTest.php | 8 +++
.../LanguageConfigOverrideImportTest.php | 8 +++
.../Functional/LayoutBuilderOverridesTest.php | 8 +++
.../src/Functional/LocaleLocaleLookupTest.php | 8 +++
.../src/Functional/MediaRequirementsTest.php | 8 +++
.../ContentModerationTest.php | 8 +++
.../tests/src/Functional/MenuUiNodeTest.php | 8 +++
.../src/Functional/MigrateControllerTest.php | 8 +++
.../Functional/NodeAccessCacheabilityTest.php | 8 +++
.../NodeAccessGrantsCacheContextTest.php | 8 +++
...NodeAccessLanguageAwareCombinationTest.php | 8 +++
.../Kernel/NodeAccessLanguageAwareTest.php | 8 +++
.../src/Kernel/NodeAccessLanguageTest.php | 8 +++
.../Kernel/Views/NodeViewsFieldAccessTest.php | 8 +++
.../Functional/PathContentModerationTest.php | 8 +++
.../src/Functional/ShortcutCacheTagsTest.php | 8 +++
.../src/Functional/ShortcutLinksTest.php | 8 +++
.../Bootstrap/DrupalMessengerServiceTest.php | 8 +++
.../EntityReferenceFieldCreationTest.php | 8 +++
.../File/FileSaveHtaccessLoggingTest.php | 11 ++++
.../src/Functional/Menu/LocalTasksTest.php | 8 +++
.../src/Functional/Module/ClassLoaderTest.php | 8 +++
.../Module/GenericModuleTestBase.php | 8 +++
.../System/DateFormatsLockedTest.php | 8 +++
.../MaintenanceThemeUpdateRegistryTest.php | 8 +++
.../UpdateSystem/UpdateScriptTest.php | 8 +++
.../DateFormatAccessControlHandlerTest.php | 8 +++
.../EntityReferenceSelectionAccessTest.php | 8 +++
.../Kernel/MenuAccessControlHandlerTest.php | 8 +++
.../src/Kernel/Views/TaxonomyFieldVidTest.php | 8 +++
.../ToolbarActiveTrailTest.php | 8 +++
.../src/Functional/UserRequirementsTest.php | 8 +++
.../tests/src/Kernel/WhoIsOnlineBlockTest.php | 8 +++
.../Handler/FieldEntityLinkBaseTest.php | 8 +++
.../Plugin/ContextualFiltersStringTest.php | 8 +++
.../Functional/Plugin/DisplayPageWebTest.php | 8 +++
.../src/Functional/UserBatchActionTest.php | 8 +++
.../src/Kernel/Handler/FieldFieldTest.php | 8 +++
.../tests/src/Kernel/Plugin/RssFieldsTest.php | 8 +++
.../src/Functional/PathWorkspacesTest.php | 8 +++
.../tests/src/Functional/WorkspaceTest.php | 8 +++
.../Functional/WorkspacesUninstallTest.php | 8 +++
.../tests/src/Functional/MinimalTest.php | 8 +++
.../tests/src/Functional/StandardTest.php | 15 ++++++
.../FunctionalTests/Theme/ClaroTest.php | 8 +++
.../Core/Entity/RouteProviderTest.php | 8 +++
.../Core/Render/RenderCacheTest.php | 8 +++
.../Core/Session/SuperUserPermissionsTest.php | 52 +++++++++++++++++++
.../Drupal/KernelTests/KernelTestBase.php | 19 +++++++
.../Commands/TestSiteInstallCommand.php | 11 ++++
sites/default/default.services.yml | 4 ++
80 files changed, 713 insertions(+)
create mode 100644 core/lib/Drupal/Core/DependencyInjection/Compiler/SuperUserAccessPolicyPass.php
create mode 100644 core/tests/Drupal/KernelTests/Core/Session/SuperUserPermissionsTest.php
diff --git a/core/assets/scaffold/files/default.services.yml b/core/assets/scaffold/files/default.services.yml
index c4b964fc2900..239ec7b3a560 100644
--- a/core/assets/scaffold/files/default.services.yml
+++ b/core/assets/scaffold/files/default.services.yml
@@ -1,4 +1,8 @@
parameters:
+ # Toggles the super user access policy. If your website has at least one user
+ # with the Administrator role, it is advised to set this to false. This allows
+ # you to make user 1 a regular user, strengthening the security of your site.
+ security.enable_super_user: true
session.storage.options:
# Default ini options for sessions.
#
diff --git a/core/core.services.yml b/core/core.services.yml
index 9e10e74af4bd..d21e0074da86 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -8,6 +8,7 @@ parameters:
# function properly before that runs.
cache_default_bin_backends: []
memory_cache_default_bin_backends: []
+ security.enable_super_user: true
session.storage.options:
gc_probability: 1
gc_divisor: 100
diff --git a/core/lib/Drupal/Core/CoreServiceProvider.php b/core/lib/Drupal/Core/CoreServiceProvider.php
index 1fb4cbadb645..f8221fe69126 100644
--- a/core/lib/Drupal/Core/CoreServiceProvider.php
+++ b/core/lib/Drupal/Core/CoreServiceProvider.php
@@ -18,6 +18,7 @@
use Drupal\Core\DependencyInjection\Compiler\RegisterStreamWrappersPass;
use Drupal\Core\DependencyInjection\Compiler\StackedKernelPass;
use Drupal\Core\DependencyInjection\Compiler\StackedSessionHandlerPass;
+use Drupal\Core\DependencyInjection\Compiler\SuperUserAccessPolicyPass;
use Drupal\Core\DependencyInjection\Compiler\TaggedHandlersPass;
use Drupal\Core\DependencyInjection\Compiler\TwigExtensionPass;
use Drupal\Core\DependencyInjection\ContainerBuilder;
@@ -66,6 +67,8 @@ public function register(ContainerBuilder $container) {
$container->addCompilerPass(new DevelopmentSettingsPass());
+ $container->addCompilerPass(new SuperUserAccessPolicyPass());
+
$container->addCompilerPass(new ProxyServicesPass());
$container->addCompilerPass(new BackendCompilerPass());
diff --git a/core/lib/Drupal/Core/DependencyInjection/Compiler/SuperUserAccessPolicyPass.php b/core/lib/Drupal/Core/DependencyInjection/Compiler/SuperUserAccessPolicyPass.php
new file mode 100644
index 000000000000..cb3deb996158
--- /dev/null
+++ b/core/lib/Drupal/Core/DependencyInjection/Compiler/SuperUserAccessPolicyPass.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace Drupal\Core\DependencyInjection\Compiler;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+
+/**
+ * Removes the super user access policy when toggled off.
+ */
+class SuperUserAccessPolicyPass implements CompilerPassInterface {
+
+ /**
+ * {@inheritdoc}
+ */
+ public function process(ContainerBuilder $container): void {
+ if ($container->getParameter('security.enable_super_user') === FALSE) {
+ $container->removeDefinition('access_policy.super_user');
+ $container->removeAlias('Drupal\Core\Session\SuperUserAccessPolicy');
+ }
+ }
+
+}
diff --git a/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php b/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php
index b7c6d8861231..14ec4d3e35e3 100644
--- a/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php
+++ b/core/lib/Drupal/Core/Test/FunctionalTestSetupTrait.php
@@ -60,6 +60,15 @@ trait FunctionalTestSetupTrait {
*/
protected $apcuEnsureUniquePrefix = FALSE;
+ /**
+ * Set to TRUE to make user 1 a super user.
+ *
+ * @see \Drupal\Core\Session\SuperUserAccessPolicy
+ *
+ * @var bool
+ */
+ protected bool $usesSuperUserAccessPolicy;
+
/**
* Prepares site settings and services before installation.
*/
@@ -138,6 +147,15 @@ protected function prepareSettings() {
// from running during tests.
$services = $yaml->parse($content);
$services['parameters']['session.storage.options']['gc_probability'] = 0;
+ // Disable the super user access policy so that we are sure our tests check
+ // for the right permissions.
+ if (!isset($this->usesSuperUserAccessPolicy)) {
+ $test_file_name = (new \ReflectionClass($this))->getFileName();
+ // @todo Decide in https://www.drupal.org/project/drupal/issues/3437926
+ // how to remove this fallback behavior.
+ $this->usesSuperUserAccessPolicy = !str_starts_with($test_file_name, $this->root . DIRECTORY_SEPARATOR . 'core');
+ }
+ $services['parameters']['security.enable_super_user'] = $this->usesSuperUserAccessPolicy;
if ($this->strictConfigSchema) {
// Add a listener to validate configuration schema on save.
$test_file_name = (new \ReflectionClass($this))->getFileName();
diff --git a/core/modules/block/tests/src/Functional/BlockHtmlTest.php b/core/modules/block/tests/src/Functional/BlockHtmlTest.php
index 6dc6853500c0..89cd2a46ce6b 100644
--- a/core/modules/block/tests/src/Functional/BlockHtmlTest.php
+++ b/core/modules/block/tests/src/Functional/BlockHtmlTest.php
@@ -20,6 +20,14 @@ class BlockHtmlTest extends BrowserTestBase {
*/
protected static $modules = ['block', 'block_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/block/tests/src/Functional/BlockXssTest.php b/core/modules/block/tests/src/Functional/BlockXssTest.php
index dc95fea4d08f..f68350a6b0b9 100644
--- a/core/modules/block/tests/src/Functional/BlockXssTest.php
+++ b/core/modules/block/tests/src/Functional/BlockXssTest.php
@@ -25,6 +25,14 @@ class BlockXssTest extends BrowserTestBase {
*/
protected static $modules = ['block', 'block_content', 'menu_ui', 'views'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/block/tests/src/FunctionalJavascript/BlockContextualLinksTest.php b/core/modules/block/tests/src/FunctionalJavascript/BlockContextualLinksTest.php
index 8e8e7651d945..a494ae5e6da4 100644
--- a/core/modules/block/tests/src/FunctionalJavascript/BlockContextualLinksTest.php
+++ b/core/modules/block/tests/src/FunctionalJavascript/BlockContextualLinksTest.php
@@ -18,6 +18,14 @@ class BlockContextualLinksTest extends WebDriverTestBase {
*/
protected static $modules = ['user', 'block', 'contextual'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/comment/tests/src/Functional/CommentStatisticsTest.php b/core/modules/comment/tests/src/Functional/CommentStatisticsTest.php
index e12433721936..64ccf1d2b31c 100644
--- a/core/modules/comment/tests/src/Functional/CommentStatisticsTest.php
+++ b/core/modules/comment/tests/src/Functional/CommentStatisticsTest.php
@@ -15,6 +15,14 @@
*/
class CommentStatisticsTest extends CommentTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* A secondary user for posting comments.
*
diff --git a/core/modules/config/tests/src/Functional/ConfigExportImportUITest.php b/core/modules/config/tests/src/Functional/ConfigExportImportUITest.php
index a06d6256596b..7e9ddd942818 100644
--- a/core/modules/config/tests/src/Functional/ConfigExportImportUITest.php
+++ b/core/modules/config/tests/src/Functional/ConfigExportImportUITest.php
@@ -70,6 +70,14 @@ class ConfigExportImportUITest extends BrowserTestBase {
*/
protected static $modules = ['config', 'node', 'field'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/config/tests/src/Functional/LanguageNegotiationFormOverrideTest.php b/core/modules/config/tests/src/Functional/LanguageNegotiationFormOverrideTest.php
index 305a6ba74246..a1cabcd894d3 100644
--- a/core/modules/config/tests/src/Functional/LanguageNegotiationFormOverrideTest.php
+++ b/core/modules/config/tests/src/Functional/LanguageNegotiationFormOverrideTest.php
@@ -16,6 +16,14 @@ class LanguageNegotiationFormOverrideTest extends BrowserTestBase {
protected static $modules = ['language', 'locale', 'locale_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_moderation/tests/src/Functional/ModerationContentTranslationTest.php b/core/modules/content_moderation/tests/src/Functional/ModerationContentTranslationTest.php
index 6f312c1dd689..fe0fd22454f4 100644
--- a/core/modules/content_moderation/tests/src/Functional/ModerationContentTranslationTest.php
+++ b/core/modules/content_moderation/tests/src/Functional/ModerationContentTranslationTest.php
@@ -36,6 +36,14 @@ class ModerationContentTranslationTest extends BrowserTestBase {
'content_translation',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_moderation/tests/src/Functional/ModerationFormTest.php b/core/modules/content_moderation/tests/src/Functional/ModerationFormTest.php
index 71dffde8e88b..d84d3f97c446 100644
--- a/core/modules/content_moderation/tests/src/Functional/ModerationFormTest.php
+++ b/core/modules/content_moderation/tests/src/Functional/ModerationFormTest.php
@@ -30,6 +30,14 @@ class ModerationFormTest extends ModerationStateTestBase {
'content_translation',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_moderation/tests/src/Functional/ModerationLocaleTest.php b/core/modules/content_moderation/tests/src/Functional/ModerationLocaleTest.php
index e145c082fab2..d4bce6246029 100644
--- a/core/modules/content_moderation/tests/src/Functional/ModerationLocaleTest.php
+++ b/core/modules/content_moderation/tests/src/Functional/ModerationLocaleTest.php
@@ -29,6 +29,14 @@ class ModerationLocaleTest extends ModerationStateTestBase {
'content_translation',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_moderation/tests/src/Functional/ModerationStateBlockTest.php b/core/modules/content_moderation/tests/src/Functional/ModerationStateBlockTest.php
index f4d3bef5d2f5..34b03ed22ff5 100644
--- a/core/modules/content_moderation/tests/src/Functional/ModerationStateBlockTest.php
+++ b/core/modules/content_moderation/tests/src/Functional/ModerationStateBlockTest.php
@@ -14,6 +14,14 @@
*/
class ModerationStateBlockTest extends ModerationStateTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_moderation/tests/src/Functional/WorkspaceContentModerationIntegrationTest.php b/core/modules/content_moderation/tests/src/Functional/WorkspaceContentModerationIntegrationTest.php
index 6e3be8786bac..bb47a4e89e11 100644
--- a/core/modules/content_moderation/tests/src/Functional/WorkspaceContentModerationIntegrationTest.php
+++ b/core/modules/content_moderation/tests/src/Functional/WorkspaceContentModerationIntegrationTest.php
@@ -22,6 +22,14 @@ class WorkspaceContentModerationIntegrationTest extends ModerationStateTestBase
*/
protected static $modules = ['node', 'workspaces'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_moderation/tests/src/Kernel/EntityStateChangeValidationTest.php b/core/modules/content_moderation/tests/src/Kernel/EntityStateChangeValidationTest.php
index 80ebf288c217..b1722d4ae448 100644
--- a/core/modules/content_moderation/tests/src/Kernel/EntityStateChangeValidationTest.php
+++ b/core/modules/content_moderation/tests/src/Kernel/EntityStateChangeValidationTest.php
@@ -31,6 +31,14 @@ class EntityStateChangeValidationTest extends KernelTestBase {
'workflows',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* An admin user.
*
diff --git a/core/modules/content_translation/tests/src/Functional/ContentTranslationEnableTest.php b/core/modules/content_translation/tests/src/Functional/ContentTranslationEnableTest.php
index e462a2a81b68..67778bf16741 100644
--- a/core/modules/content_translation/tests/src/Functional/ContentTranslationEnableTest.php
+++ b/core/modules/content_translation/tests/src/Functional/ContentTranslationEnableTest.php
@@ -20,6 +20,14 @@ class ContentTranslationEnableTest extends BrowserTestBase {
*/
protected static $modules = ['entity_test', 'menu_link_content', 'node'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_translation/tests/src/Functional/ContentTranslationNewTranslationWithExistingRevisionsTest.php b/core/modules/content_translation/tests/src/Functional/ContentTranslationNewTranslationWithExistingRevisionsTest.php
index 7460f1fd8e16..ccad2c9bad2d 100644
--- a/core/modules/content_translation/tests/src/Functional/ContentTranslationNewTranslationWithExistingRevisionsTest.php
+++ b/core/modules/content_translation/tests/src/Functional/ContentTranslationNewTranslationWithExistingRevisionsTest.php
@@ -25,6 +25,14 @@ class ContentTranslationNewTranslationWithExistingRevisionsTest extends ContentT
'node',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_translation/tests/src/Functional/ContentTranslationOutdatedRevisionTranslationTest.php b/core/modules/content_translation/tests/src/Functional/ContentTranslationOutdatedRevisionTranslationTest.php
index 19bf67cdfb9d..2361421e3f32 100644
--- a/core/modules/content_translation/tests/src/Functional/ContentTranslationOutdatedRevisionTranslationTest.php
+++ b/core/modules/content_translation/tests/src/Functional/ContentTranslationOutdatedRevisionTranslationTest.php
@@ -14,6 +14,14 @@
*/
class ContentTranslationOutdatedRevisionTranslationTest extends ContentTranslationPendingRevisionTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_translation/tests/src/Functional/ContentTranslationRevisionTranslationDeletionTest.php b/core/modules/content_translation/tests/src/Functional/ContentTranslationRevisionTranslationDeletionTest.php
index c5ede536ef19..2f81f4c766e0 100644
--- a/core/modules/content_translation/tests/src/Functional/ContentTranslationRevisionTranslationDeletionTest.php
+++ b/core/modules/content_translation/tests/src/Functional/ContentTranslationRevisionTranslationDeletionTest.php
@@ -14,6 +14,14 @@
*/
class ContentTranslationRevisionTranslationDeletionTest extends ContentTranslationPendingRevisionTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/content_translation/tests/src/Functional/ContentTranslationUntranslatableFieldsTest.php b/core/modules/content_translation/tests/src/Functional/ContentTranslationUntranslatableFieldsTest.php
index 68773886870f..2a12a8ad2a01 100644
--- a/core/modules/content_translation/tests/src/Functional/ContentTranslationUntranslatableFieldsTest.php
+++ b/core/modules/content_translation/tests/src/Functional/ContentTranslationUntranslatableFieldsTest.php
@@ -24,6 +24,14 @@ class ContentTranslationUntranslatableFieldsTest extends ContentTranslationPendi
*/
protected static $modules = ['field_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/field/tests/src/Functional/EntityReference/EntityReferenceXSSTest.php b/core/modules/field/tests/src/Functional/EntityReference/EntityReferenceXSSTest.php
index ab811e59c320..6017fb4059fe 100644
--- a/core/modules/field/tests/src/Functional/EntityReference/EntityReferenceXSSTest.php
+++ b/core/modules/field/tests/src/Functional/EntityReference/EntityReferenceXSSTest.php
@@ -25,6 +25,14 @@ class EntityReferenceXSSTest extends BrowserTestBase {
*/
protected static $modules = ['node'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/field/tests/src/Functional/FieldDefaultValueCallbackTest.php b/core/modules/field/tests/src/Functional/FieldDefaultValueCallbackTest.php
index 489d4132705c..41537e37c8d8 100644
--- a/core/modules/field/tests/src/Functional/FieldDefaultValueCallbackTest.php
+++ b/core/modules/field/tests/src/Functional/FieldDefaultValueCallbackTest.php
@@ -22,6 +22,14 @@ class FieldDefaultValueCallbackTest extends BrowserTestBase {
*/
protected static $modules = ['node', 'field_test', 'field_ui'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/field_ui/tests/src/Functional/FieldUIRouteTest.php b/core/modules/field_ui/tests/src/Functional/FieldUIRouteTest.php
index e75e5714cc91..963143ea2b89 100644
--- a/core/modules/field_ui/tests/src/Functional/FieldUIRouteTest.php
+++ b/core/modules/field_ui/tests/src/Functional/FieldUIRouteTest.php
@@ -22,6 +22,14 @@ class FieldUIRouteTest extends BrowserTestBase {
*/
protected static $modules = ['block', 'entity_test', 'field_ui'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/file/tests/src/Kernel/SaveTest.php b/core/modules/file/tests/src/Kernel/SaveTest.php
index 55a84cee63e2..d06d98f1230c 100644
--- a/core/modules/file/tests/src/Kernel/SaveTest.php
+++ b/core/modules/file/tests/src/Kernel/SaveTest.php
@@ -11,6 +11,14 @@
*/
class SaveTest extends FileManagedUnitTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
public function testFileSave() {
// Create a new file entity.
$file = File::create([
diff --git a/core/modules/forum/tests/src/Functional/ForumUninstallTest.php b/core/modules/forum/tests/src/Functional/ForumUninstallTest.php
index 6abc9c909e1e..23b708e04a1e 100644
--- a/core/modules/forum/tests/src/Functional/ForumUninstallTest.php
+++ b/core/modules/forum/tests/src/Functional/ForumUninstallTest.php
@@ -28,6 +28,14 @@ class ForumUninstallTest extends BrowserTestBase {
*/
protected static $modules = ['forum'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/help/tests/src/Functional/HelpTest.php b/core/modules/help/tests/src/Functional/HelpTest.php
index afcf2d04b4c6..73b0855cc316 100644
--- a/core/modules/help/tests/src/Functional/HelpTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTest.php
@@ -33,6 +33,14 @@ class HelpTest extends BrowserTestBase {
'history',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php b/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php
index aff7001807ac..0403dc30b142 100644
--- a/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php
@@ -29,6 +29,14 @@ class HelpTopicSearchTest extends HelpTopicTranslatedTestBase {
'language',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/help/tests/src/Functional/HelpTopicsSyntaxTest.php b/core/modules/help/tests/src/Functional/HelpTopicsSyntaxTest.php
index c7d7dec0efc0..adbb2987d7c3 100644
--- a/core/modules/help/tests/src/Functional/HelpTopicsSyntaxTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTopicsSyntaxTest.php
@@ -29,6 +29,14 @@ class HelpTopicsSyntaxTest extends BrowserTestBase {
'locale',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/language/tests/src/Functional/LanguageConfigOverrideImportTest.php b/core/modules/language/tests/src/Functional/LanguageConfigOverrideImportTest.php
index 78debfa7320f..0601ba3f3af2 100644
--- a/core/modules/language/tests/src/Functional/LanguageConfigOverrideImportTest.php
+++ b/core/modules/language/tests/src/Functional/LanguageConfigOverrideImportTest.php
@@ -27,6 +27,14 @@ class LanguageConfigOverrideImportTest extends BrowserTestBase {
'config_translation',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/layout_builder/tests/src/Functional/LayoutBuilderOverridesTest.php b/core/modules/layout_builder/tests/src/Functional/LayoutBuilderOverridesTest.php
index acbedfced01a..1b663a3cb454 100644
--- a/core/modules/layout_builder/tests/src/Functional/LayoutBuilderOverridesTest.php
+++ b/core/modules/layout_builder/tests/src/Functional/LayoutBuilderOverridesTest.php
@@ -15,6 +15,14 @@
*/
class LayoutBuilderOverridesTest extends LayoutBuilderTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* Tests deleting a field in-use by an overridden layout.
*/
diff --git a/core/modules/locale/tests/src/Functional/LocaleLocaleLookupTest.php b/core/modules/locale/tests/src/Functional/LocaleLocaleLookupTest.php
index 80a8d383107a..924a37380a5c 100644
--- a/core/modules/locale/tests/src/Functional/LocaleLocaleLookupTest.php
+++ b/core/modules/locale/tests/src/Functional/LocaleLocaleLookupTest.php
@@ -25,6 +25,14 @@ class LocaleLocaleLookupTest extends BrowserTestBase {
*/
protected static $modules = ['locale', 'locale_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/media/tests/src/Functional/MediaRequirementsTest.php b/core/modules/media/tests/src/Functional/MediaRequirementsTest.php
index 94838fff7da5..26cf3c8b6f69 100644
--- a/core/modules/media/tests/src/Functional/MediaRequirementsTest.php
+++ b/core/modules/media/tests/src/Functional/MediaRequirementsTest.php
@@ -11,6 +11,14 @@
*/
class MediaRequirementsTest extends MediaFunctionalTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/media_library/tests/src/FunctionalJavascript/ContentModerationTest.php b/core/modules/media_library/tests/src/FunctionalJavascript/ContentModerationTest.php
index e7bbe116f3da..a892fb05ea2e 100644
--- a/core/modules/media_library/tests/src/FunctionalJavascript/ContentModerationTest.php
+++ b/core/modules/media_library/tests/src/FunctionalJavascript/ContentModerationTest.php
@@ -39,6 +39,14 @@ class ContentModerationTest extends WebDriverTestBase {
'views',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/menu_ui/tests/src/Functional/MenuUiNodeTest.php b/core/modules/menu_ui/tests/src/Functional/MenuUiNodeTest.php
index f7b03b3422e1..8e4e2a62787b 100644
--- a/core/modules/menu_ui/tests/src/Functional/MenuUiNodeTest.php
+++ b/core/modules/menu_ui/tests/src/Functional/MenuUiNodeTest.php
@@ -43,6 +43,14 @@ class MenuUiNodeTest extends BrowserTestBase {
'content_translation',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/migrate_drupal_ui/tests/src/Functional/MigrateControllerTest.php b/core/modules/migrate_drupal_ui/tests/src/Functional/MigrateControllerTest.php
index 2ca1bfef0b2a..952768053b7e 100644
--- a/core/modules/migrate_drupal_ui/tests/src/Functional/MigrateControllerTest.php
+++ b/core/modules/migrate_drupal_ui/tests/src/Functional/MigrateControllerTest.php
@@ -23,6 +23,14 @@ class MigrateControllerTest extends BrowserTestBase {
'views_ui',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/node/tests/src/Functional/NodeAccessCacheabilityTest.php b/core/modules/node/tests/src/Functional/NodeAccessCacheabilityTest.php
index c9b16994a4d8..3f74d9c63d78 100644
--- a/core/modules/node/tests/src/Functional/NodeAccessCacheabilityTest.php
+++ b/core/modules/node/tests/src/Functional/NodeAccessCacheabilityTest.php
@@ -28,6 +28,14 @@ class NodeAccessCacheabilityTest extends NodeTestBase {
'node_access_test_auto_bubbling',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/node/tests/src/Functional/NodeAccessGrantsCacheContextTest.php b/core/modules/node/tests/src/Functional/NodeAccessGrantsCacheContextTest.php
index 8e3303f1d419..e89972e5cbac 100644
--- a/core/modules/node/tests/src/Functional/NodeAccessGrantsCacheContextTest.php
+++ b/core/modules/node/tests/src/Functional/NodeAccessGrantsCacheContextTest.php
@@ -22,6 +22,14 @@ class NodeAccessGrantsCacheContextTest extends NodeTestBase {
*/
protected static $modules = ['node_access_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareCombinationTest.php b/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareCombinationTest.php
index a3202cfc5b85..6e573db85ce2 100644
--- a/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareCombinationTest.php
+++ b/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareCombinationTest.php
@@ -28,6 +28,14 @@ class NodeAccessLanguageAwareCombinationTest extends NodeAccessTestBase {
'node_access_test',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* A set of nodes to use in testing.
*
diff --git a/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareTest.php b/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareTest.php
index c4afd4d319a6..58239b4f9009 100644
--- a/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareTest.php
+++ b/core/modules/node/tests/src/Kernel/NodeAccessLanguageAwareTest.php
@@ -23,6 +23,14 @@ class NodeAccessLanguageAwareTest extends NodeAccessTestBase {
*/
protected static $modules = ['language', 'node_access_test_language'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* A set of nodes to use in testing.
*
diff --git a/core/modules/node/tests/src/Kernel/NodeAccessLanguageTest.php b/core/modules/node/tests/src/Kernel/NodeAccessLanguageTest.php
index 29a2e96a58e8..d148e4103343 100644
--- a/core/modules/node/tests/src/Kernel/NodeAccessLanguageTest.php
+++ b/core/modules/node/tests/src/Kernel/NodeAccessLanguageTest.php
@@ -20,6 +20,14 @@ class NodeAccessLanguageTest extends NodeAccessTestBase {
*/
protected static $modules = ['language', 'node_access_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/node/tests/src/Kernel/Views/NodeViewsFieldAccessTest.php b/core/modules/node/tests/src/Kernel/Views/NodeViewsFieldAccessTest.php
index 8c09c23a4b49..4d9e8435febc 100644
--- a/core/modules/node/tests/src/Kernel/Views/NodeViewsFieldAccessTest.php
+++ b/core/modules/node/tests/src/Kernel/Views/NodeViewsFieldAccessTest.php
@@ -20,6 +20,14 @@ class NodeViewsFieldAccessTest extends FieldFieldAccessTestBase {
*/
protected static $modules = ['node', 'entity_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/path/tests/src/Functional/PathContentModerationTest.php b/core/modules/path/tests/src/Functional/PathContentModerationTest.php
index 68f973b512f2..a50e0c64ed99 100644
--- a/core/modules/path/tests/src/Functional/PathContentModerationTest.php
+++ b/core/modules/path/tests/src/Functional/PathContentModerationTest.php
@@ -31,6 +31,14 @@ class PathContentModerationTest extends BrowserTestBase {
'content_translation',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/shortcut/tests/src/Functional/ShortcutCacheTagsTest.php b/core/modules/shortcut/tests/src/Functional/ShortcutCacheTagsTest.php
index c56a22baa260..e2e957b0ef1d 100644
--- a/core/modules/shortcut/tests/src/Functional/ShortcutCacheTagsTest.php
+++ b/core/modules/shortcut/tests/src/Functional/ShortcutCacheTagsTest.php
@@ -31,6 +31,14 @@ class ShortcutCacheTagsTest extends EntityCacheTagsTestBase {
'block',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/shortcut/tests/src/Functional/ShortcutLinksTest.php b/core/modules/shortcut/tests/src/Functional/ShortcutLinksTest.php
index 0687111d2d7b..4880f1907326 100644
--- a/core/modules/shortcut/tests/src/Functional/ShortcutLinksTest.php
+++ b/core/modules/shortcut/tests/src/Functional/ShortcutLinksTest.php
@@ -31,6 +31,14 @@ class ShortcutLinksTest extends ShortcutTestBase {
*/
protected static $modules = ['router_test', 'views', 'block'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/Bootstrap/DrupalMessengerServiceTest.php b/core/modules/system/tests/src/Functional/Bootstrap/DrupalMessengerServiceTest.php
index d83d719ffed4..f6ef52cdce89 100644
--- a/core/modules/system/tests/src/Functional/Bootstrap/DrupalMessengerServiceTest.php
+++ b/core/modules/system/tests/src/Functional/Bootstrap/DrupalMessengerServiceTest.php
@@ -22,6 +22,14 @@ class DrupalMessengerServiceTest extends BrowserTestBase {
*/
protected static $modules = ['system_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/Entity/EntityReferenceFieldCreationTest.php b/core/modules/system/tests/src/Functional/Entity/EntityReferenceFieldCreationTest.php
index b4d4639ef3f1..bf7384543ada 100644
--- a/core/modules/system/tests/src/Functional/Entity/EntityReferenceFieldCreationTest.php
+++ b/core/modules/system/tests/src/Functional/Entity/EntityReferenceFieldCreationTest.php
@@ -23,6 +23,14 @@ class EntityReferenceFieldCreationTest extends BrowserTestBase {
*/
protected static $modules = ['entity_test', 'node', 'field_ui'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/File/FileSaveHtaccessLoggingTest.php b/core/modules/system/tests/src/Functional/File/FileSaveHtaccessLoggingTest.php
index 726ba84b947e..1067d8d0b07f 100644
--- a/core/modules/system/tests/src/Functional/File/FileSaveHtaccessLoggingTest.php
+++ b/core/modules/system/tests/src/Functional/File/FileSaveHtaccessLoggingTest.php
@@ -14,8 +14,19 @@
*/
class FileSaveHtaccessLoggingTest extends BrowserTestBase {
+ /**
+ * {@inheritdoc}
+ */
protected static $modules = ['dblog'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/Menu/LocalTasksTest.php b/core/modules/system/tests/src/Functional/Menu/LocalTasksTest.php
index 1612817f78a3..e82ac3b50f75 100644
--- a/core/modules/system/tests/src/Functional/Menu/LocalTasksTest.php
+++ b/core/modules/system/tests/src/Functional/Menu/LocalTasksTest.php
@@ -24,6 +24,14 @@ class LocalTasksTest extends BrowserTestBase {
*/
protected static $modules = ['block', 'menu_test', 'entity_test', 'node'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/Module/ClassLoaderTest.php b/core/modules/system/tests/src/Functional/Module/ClassLoaderTest.php
index cb861c9b71b0..f8bc06450571 100644
--- a/core/modules/system/tests/src/Functional/Module/ClassLoaderTest.php
+++ b/core/modules/system/tests/src/Functional/Module/ClassLoaderTest.php
@@ -14,6 +14,14 @@
*/
class ClassLoaderTest extends BrowserTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* The expected result from calling the module-provided class' method.
*
diff --git a/core/modules/system/tests/src/Functional/Module/GenericModuleTestBase.php b/core/modules/system/tests/src/Functional/Module/GenericModuleTestBase.php
index 0b48f7aa83cb..f17f81fa0d89 100644
--- a/core/modules/system/tests/src/Functional/Module/GenericModuleTestBase.php
+++ b/core/modules/system/tests/src/Functional/Module/GenericModuleTestBase.php
@@ -19,6 +19,14 @@ abstract class GenericModuleTestBase extends BrowserTestBase {
'help',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/System/DateFormatsLockedTest.php b/core/modules/system/tests/src/Functional/System/DateFormatsLockedTest.php
index 89da3f0b4f6f..52da4d4fedef 100644
--- a/core/modules/system/tests/src/Functional/System/DateFormatsLockedTest.php
+++ b/core/modules/system/tests/src/Functional/System/DateFormatsLockedTest.php
@@ -13,6 +13,14 @@
*/
class DateFormatsLockedTest extends BrowserTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/Theme/MaintenanceThemeUpdateRegistryTest.php b/core/modules/system/tests/src/Functional/Theme/MaintenanceThemeUpdateRegistryTest.php
index 731fac2d4ebd..706b7501ac9d 100644
--- a/core/modules/system/tests/src/Functional/Theme/MaintenanceThemeUpdateRegistryTest.php
+++ b/core/modules/system/tests/src/Functional/Theme/MaintenanceThemeUpdateRegistryTest.php
@@ -16,6 +16,14 @@
class MaintenanceThemeUpdateRegistryTest extends BrowserTestBase {
use RequirementsPageTrait;
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Functional/UpdateSystem/UpdateScriptTest.php b/core/modules/system/tests/src/Functional/UpdateSystem/UpdateScriptTest.php
index e5e2da9a3cd1..c8f2faa703f0 100644
--- a/core/modules/system/tests/src/Functional/UpdateSystem/UpdateScriptTest.php
+++ b/core/modules/system/tests/src/Functional/UpdateSystem/UpdateScriptTest.php
@@ -36,6 +36,14 @@ class UpdateScriptTest extends BrowserTestBase {
'test_another_module_required_by_theme',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Kernel/DateFormatAccessControlHandlerTest.php b/core/modules/system/tests/src/Kernel/DateFormatAccessControlHandlerTest.php
index e4cb0506e3f7..86a77dfd9493 100644
--- a/core/modules/system/tests/src/Kernel/DateFormatAccessControlHandlerTest.php
+++ b/core/modules/system/tests/src/Kernel/DateFormatAccessControlHandlerTest.php
@@ -30,6 +30,14 @@ class DateFormatAccessControlHandlerTest extends KernelTestBase {
'user',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* The date_format access control handler.
*
diff --git a/core/modules/system/tests/src/Kernel/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php b/core/modules/system/tests/src/Kernel/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php
index c3c9b6942c12..e737b60b395a 100644
--- a/core/modules/system/tests/src/Kernel/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php
+++ b/core/modules/system/tests/src/Kernel/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php
@@ -48,6 +48,14 @@ class EntityReferenceSelectionAccessTest extends KernelTestBase {
'user',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/system/tests/src/Kernel/MenuAccessControlHandlerTest.php b/core/modules/system/tests/src/Kernel/MenuAccessControlHandlerTest.php
index d8b3c4f868c6..c4de55a8e08c 100644
--- a/core/modules/system/tests/src/Kernel/MenuAccessControlHandlerTest.php
+++ b/core/modules/system/tests/src/Kernel/MenuAccessControlHandlerTest.php
@@ -29,6 +29,14 @@ class MenuAccessControlHandlerTest extends KernelTestBase {
'user',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* The menu access control handler.
*
diff --git a/core/modules/taxonomy/tests/src/Kernel/Views/TaxonomyFieldVidTest.php b/core/modules/taxonomy/tests/src/Kernel/Views/TaxonomyFieldVidTest.php
index 4bad95a92227..6851d5823d80 100644
--- a/core/modules/taxonomy/tests/src/Kernel/Views/TaxonomyFieldVidTest.php
+++ b/core/modules/taxonomy/tests/src/Kernel/Views/TaxonomyFieldVidTest.php
@@ -33,6 +33,14 @@ class TaxonomyFieldVidTest extends ViewsKernelTestBase {
'filter',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* Views used by this test.
*
diff --git a/core/modules/toolbar/tests/src/FunctionalJavascript/ToolbarActiveTrailTest.php b/core/modules/toolbar/tests/src/FunctionalJavascript/ToolbarActiveTrailTest.php
index d54c2d6a1250..e14a32ba0d53 100644
--- a/core/modules/toolbar/tests/src/FunctionalJavascript/ToolbarActiveTrailTest.php
+++ b/core/modules/toolbar/tests/src/FunctionalJavascript/ToolbarActiveTrailTest.php
@@ -18,6 +18,14 @@ class ToolbarActiveTrailTest extends WebDriverTestBase {
*/
protected static $modules = ['toolbar', 'node', 'field_ui'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/user/tests/src/Functional/UserRequirementsTest.php b/core/modules/user/tests/src/Functional/UserRequirementsTest.php
index 5e5abbe3af80..ac126771ca7a 100644
--- a/core/modules/user/tests/src/Functional/UserRequirementsTest.php
+++ b/core/modules/user/tests/src/Functional/UserRequirementsTest.php
@@ -13,6 +13,14 @@
*/
class UserRequirementsTest extends BrowserTestBase {
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/user/tests/src/Kernel/WhoIsOnlineBlockTest.php b/core/modules/user/tests/src/Kernel/WhoIsOnlineBlockTest.php
index 4582e3455d0b..0b329c96fb61 100644
--- a/core/modules/user/tests/src/Kernel/WhoIsOnlineBlockTest.php
+++ b/core/modules/user/tests/src/Kernel/WhoIsOnlineBlockTest.php
@@ -18,6 +18,14 @@ class WhoIsOnlineBlockTest extends KernelTestBase {
*/
protected static $modules = ['system', 'user', 'block', 'views'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* The block being tested.
*
diff --git a/core/modules/views/tests/src/Functional/Handler/FieldEntityLinkBaseTest.php b/core/modules/views/tests/src/Functional/Handler/FieldEntityLinkBaseTest.php
index 9de00d72ab1f..3d36935b01c6 100644
--- a/core/modules/views/tests/src/Functional/Handler/FieldEntityLinkBaseTest.php
+++ b/core/modules/views/tests/src/Functional/Handler/FieldEntityLinkBaseTest.php
@@ -27,6 +27,14 @@ class FieldEntityLinkBaseTest extends ViewTestBase {
*/
protected static $modules = ['node', 'language'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/views/tests/src/Functional/Plugin/ContextualFiltersStringTest.php b/core/modules/views/tests/src/Functional/Plugin/ContextualFiltersStringTest.php
index 301dbb05ccc5..04c87553f8af 100644
--- a/core/modules/views/tests/src/Functional/Plugin/ContextualFiltersStringTest.php
+++ b/core/modules/views/tests/src/Functional/Plugin/ContextualFiltersStringTest.php
@@ -23,6 +23,14 @@ class ContextualFiltersStringTest extends ViewTestBase {
'views_test_config',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/views/tests/src/Functional/Plugin/DisplayPageWebTest.php b/core/modules/views/tests/src/Functional/Plugin/DisplayPageWebTest.php
index 755461b99d5e..6fb393a75e28 100644
--- a/core/modules/views/tests/src/Functional/Plugin/DisplayPageWebTest.php
+++ b/core/modules/views/tests/src/Functional/Plugin/DisplayPageWebTest.php
@@ -31,6 +31,14 @@ class DisplayPageWebTest extends ViewTestBase {
*/
protected static $modules = ['block', 'views_ui'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/views/tests/src/Functional/UserBatchActionTest.php b/core/modules/views/tests/src/Functional/UserBatchActionTest.php
index 22313fcb3fac..9db7ac55b0bf 100644
--- a/core/modules/views/tests/src/Functional/UserBatchActionTest.php
+++ b/core/modules/views/tests/src/Functional/UserBatchActionTest.php
@@ -25,6 +25,14 @@ class UserBatchActionTest extends BrowserTestBase {
'views',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/views/tests/src/Kernel/Handler/FieldFieldTest.php b/core/modules/views/tests/src/Kernel/Handler/FieldFieldTest.php
index 2d33f07cd1c7..0ec083a72a9a 100644
--- a/core/modules/views/tests/src/Kernel/Handler/FieldFieldTest.php
+++ b/core/modules/views/tests/src/Kernel/Handler/FieldFieldTest.php
@@ -33,6 +33,14 @@ class FieldFieldTest extends ViewsKernelTestBase {
'views_entity_test',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/views/tests/src/Kernel/Plugin/RssFieldsTest.php b/core/modules/views/tests/src/Kernel/Plugin/RssFieldsTest.php
index d43a531b593d..83dec53848f1 100644
--- a/core/modules/views/tests/src/Kernel/Plugin/RssFieldsTest.php
+++ b/core/modules/views/tests/src/Kernel/Plugin/RssFieldsTest.php
@@ -23,6 +23,14 @@ class RssFieldsTest extends ViewsKernelTestBase {
*/
protected static $modules = ['node', 'field', 'text', 'filter'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/workspaces/tests/src/Functional/PathWorkspacesTest.php b/core/modules/workspaces/tests/src/Functional/PathWorkspacesTest.php
index 97ab6dfc5490..c8f09c54c71f 100644
--- a/core/modules/workspaces/tests/src/Functional/PathWorkspacesTest.php
+++ b/core/modules/workspaces/tests/src/Functional/PathWorkspacesTest.php
@@ -32,6 +32,14 @@ class PathWorkspacesTest extends BrowserTestBase {
'workspaces',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/workspaces/tests/src/Functional/WorkspaceTest.php b/core/modules/workspaces/tests/src/Functional/WorkspaceTest.php
index c333f7b56507..f8767de56adc 100644
--- a/core/modules/workspaces/tests/src/Functional/WorkspaceTest.php
+++ b/core/modules/workspaces/tests/src/Functional/WorkspaceTest.php
@@ -35,6 +35,14 @@ class WorkspaceTest extends BrowserTestBase {
'workspaces',
];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/modules/workspaces/tests/src/Functional/WorkspacesUninstallTest.php b/core/modules/workspaces/tests/src/Functional/WorkspacesUninstallTest.php
index 65a986e91fce..36e0039ebde3 100644
--- a/core/modules/workspaces/tests/src/Functional/WorkspacesUninstallTest.php
+++ b/core/modules/workspaces/tests/src/Functional/WorkspacesUninstallTest.php
@@ -20,6 +20,14 @@ class WorkspacesUninstallTest extends BrowserTestBase {
*/
protected static $modules = ['workspaces', 'node'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/profiles/minimal/tests/src/Functional/MinimalTest.php b/core/profiles/minimal/tests/src/Functional/MinimalTest.php
index 5bf99e3343bc..2f3a9f1f066d 100644
--- a/core/profiles/minimal/tests/src/Functional/MinimalTest.php
+++ b/core/profiles/minimal/tests/src/Functional/MinimalTest.php
@@ -21,6 +21,14 @@ class MinimalTest extends BrowserTestBase {
protected $profile = 'minimal';
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/profiles/standard/tests/src/Functional/StandardTest.php b/core/profiles/standard/tests/src/Functional/StandardTest.php
index da90fac2bb62..cbe8f38fc608 100644
--- a/core/profiles/standard/tests/src/Functional/StandardTest.php
+++ b/core/profiles/standard/tests/src/Functional/StandardTest.php
@@ -18,6 +18,7 @@
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\RequirementsPageTrait;
use Drupal\user\Entity\Role;
+use Drupal\user\Entity\User;
use Symfony\Component\Validator\ConstraintViolation;
/**
@@ -295,6 +296,20 @@ function (ConstraintViolation $v) {
}
}
+
+ // Tests that user 1 does not have an all-access pass.
+ $this->drupalLogin($this->rootUser);
+ $this->drupalGet('admin');
+ $this->assertSession()->statusCodeEquals(200);
+
+ User::load(1)
+ ->removeRole('administrator')
+ ->save();
+ // Clear caches so change take effect in system under test.
+ $this->rebuildAll();
+
+ $this->drupalGet('admin');
+ $this->assertSession()->statusCodeEquals(403);
}
}
diff --git a/core/tests/Drupal/FunctionalTests/Theme/ClaroTest.php b/core/tests/Drupal/FunctionalTests/Theme/ClaroTest.php
index 50b8d636eda6..5970133ffcaf 100644
--- a/core/tests/Drupal/FunctionalTests/Theme/ClaroTest.php
+++ b/core/tests/Drupal/FunctionalTests/Theme/ClaroTest.php
@@ -26,6 +26,14 @@ class ClaroTest extends BrowserTestBase {
*/
protected static $modules = ['dblog', 'shortcut', 'pager_test'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/tests/Drupal/KernelTests/Core/Entity/RouteProviderTest.php b/core/tests/Drupal/KernelTests/Core/Entity/RouteProviderTest.php
index 3cfc77d060a6..55d3d19d7da5 100644
--- a/core/tests/Drupal/KernelTests/Core/Entity/RouteProviderTest.php
+++ b/core/tests/Drupal/KernelTests/Core/Entity/RouteProviderTest.php
@@ -25,6 +25,14 @@ class RouteProviderTest extends KernelTestBase {
*/
protected static $modules = ['entity_test', 'user', 'system'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/tests/Drupal/KernelTests/Core/Render/RenderCacheTest.php b/core/tests/Drupal/KernelTests/Core/Render/RenderCacheTest.php
index 67a755379241..4420796db31b 100644
--- a/core/tests/Drupal/KernelTests/Core/Render/RenderCacheTest.php
+++ b/core/tests/Drupal/KernelTests/Core/Render/RenderCacheTest.php
@@ -21,6 +21,14 @@ class RenderCacheTest extends KernelTestBase {
*/
protected static $modules = ['user', 'system'];
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
/**
* {@inheritdoc}
*/
diff --git a/core/tests/Drupal/KernelTests/Core/Session/SuperUserPermissionsTest.php b/core/tests/Drupal/KernelTests/Core/Session/SuperUserPermissionsTest.php
new file mode 100644
index 000000000000..186e140a2695
--- /dev/null
+++ b/core/tests/Drupal/KernelTests/Core/Session/SuperUserPermissionsTest.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Drupal\KernelTests\Core\Session;
+
+use Drupal\KernelTests\KernelTestBase;
+use Drupal\Tests\user\Traits\UserCreationTrait;
+
+/**
+ * Test case for getting all permissions as a super user.
+ *
+ * @covers \Drupal\Core\DependencyInjection\Compiler\SuperUserAccessPolicyPass
+ * @group Session
+ */
+class SuperUserPermissionsTest extends KernelTestBase {
+
+ use UserCreationTrait;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected static $modules = ['system', 'user'];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected bool $usesSuperUserAccessPolicy = TRUE;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUp(): void {
+ parent::setUp();
+ $this->installEntitySchema('user');
+ }
+
+ /**
+ * Tests the super user access policy grants all permissions.
+ */
+ public function testPermissionChange(): void {
+ $account = $this->createUser();
+ $this->assertSame('1', $account->id());
+ $this->assertTrue($account->hasPermission('administer modules'));
+ $this->assertTrue($account->hasPermission('non-existent permission'));
+
+ // Turn off the super user access policy and try again.
+ $this->usesSuperUserAccessPolicy = FALSE;
+ $this->bootKernel();
+ $this->assertFalse($account->hasPermission('administer modules'));
+ $this->assertFalse($account->hasPermission('non-existent permission'));
+ }
+
+}
diff --git a/core/tests/Drupal/KernelTests/KernelTestBase.php b/core/tests/Drupal/KernelTests/KernelTestBase.php
index 236ddf89a43c..798a14e3e184 100644
--- a/core/tests/Drupal/KernelTests/KernelTestBase.php
+++ b/core/tests/Drupal/KernelTests/KernelTestBase.php
@@ -236,6 +236,15 @@ abstract class KernelTestBase extends TestCase implements ServiceProviderInterfa
'config_test.dynamic.system',
];
+ /**
+ * Set to TRUE to make user 1 a super user.
+ *
+ * @see \Drupal\Core\Session\SuperUserAccessPolicy
+ *
+ * @var bool
+ */
+ protected bool $usesSuperUserAccessPolicy;
+
/**
* {@inheritdoc}
*/
@@ -571,6 +580,16 @@ public function register(ContainerBuilder $container) {
->register('cache_factory', 'Drupal\Core\Cache\MemoryBackendFactory')
->addArgument(new Reference('datetime.time'));
+ // Disable the super user access policy so that we are sure our tests check
+ // for the right permissions.
+ if (!isset($this->usesSuperUserAccessPolicy)) {
+ $test_file_name = (new \ReflectionClass($this))->getFileName();
+ // @todo Decide in https://www.drupal.org/project/drupal/issues/3437926
+ // how to remove this fallback behavior.
+ $this->usesSuperUserAccessPolicy = !str_starts_with($test_file_name, $this->root . DIRECTORY_SEPARATOR . 'core');
+ }
+ $container->setParameter('security.enable_super_user', $this->usesSuperUserAccessPolicy);
+
// Use memory for key value storages to avoid database queries. Store the
// key value factory on the test object so that key value storages persist
// container rebuilds, otherwise all state data would vanish.
diff --git a/core/tests/Drupal/TestSite/Commands/TestSiteInstallCommand.php b/core/tests/Drupal/TestSite/Commands/TestSiteInstallCommand.php
index 32d411ac1dfc..fd7dc6c65213 100644
--- a/core/tests/Drupal/TestSite/Commands/TestSiteInstallCommand.php
+++ b/core/tests/Drupal/TestSite/Commands/TestSiteInstallCommand.php
@@ -86,6 +86,17 @@ class TestSiteInstallCommand extends Command {
*/
protected $langcode = 'en';
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Remove and fix test to not rely on super user.
+ * @see https://www.drupal.org/project/drupal/issues/3437620
+ */
+ public function __construct(string $name = NULL) {
+ parent::__construct($name);
+ $this->usesSuperUserAccessPolicy = TRUE;
+ }
+
/**
* {@inheritdoc}
*/
diff --git a/sites/default/default.services.yml b/sites/default/default.services.yml
index c4b964fc2900..239ec7b3a560 100644
--- a/sites/default/default.services.yml
+++ b/sites/default/default.services.yml
@@ -1,4 +1,8 @@
parameters:
+ # Toggles the super user access policy. If your website has at least one user
+ # with the Administrator role, it is advised to set this to false. This allows
+ # you to make user 1 a regular user, strengthening the security of your site.
+ security.enable_super_user: true
session.storage.options:
# Default ini options for sessions.
#
--
GitLab