From b3f0c378be7b122fa129ed494948f6760ffcdccc Mon Sep 17 00:00:00 2001
From: Lee Rowlands <lee.rowlands@previousnext.com.au>
Date: Mon, 22 Jul 2024 08:37:32 +1000
Subject: [PATCH] Issue #3306434 by benjifisher, quietone, Berdir, kopeboy,
 DYdave, larowlan: Fix access checks for bundle permissions to avoid
 triggering a config validation error

(cherry picked from commit 3f03a0aa0fea1cb10d9a91dbcf54e790bab9f057)
---
 .../user/src/Form/EntityPermissionsForm.php   |  7 ++--
 .../src/Functional/UserPermissionsTest.php    | 36 ++++++++++++++++++-
 .../Unit/Form/EntityPermissionsFormTest.php   |  8 ++---
 3 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/core/modules/user/src/Form/EntityPermissionsForm.php b/core/modules/user/src/Form/EntityPermissionsForm.php
index 41c6f140f095..d97b5987b67c 100644
--- a/core/modules/user/src/Form/EntityPermissionsForm.php
+++ b/core/modules/user/src/Form/EntityPermissionsForm.php
@@ -93,11 +93,10 @@ protected function permissionsByProvider(): array {
     // Get the names of all config entities that depend on $this->bundle.
     $config_name = $this->bundle->getConfigDependencyName();
     $config_entities = $this->configManager
-      ->getConfigEntitiesToChangeOnDependencyRemoval('config', [$config_name]);
+      ->findConfigEntityDependencies('config', [$config_name]);
     $config_names = array_map(
-      function ($dependent_config) {
-        return $dependent_config->getConfigDependencyName();
-      }, $config_entities['delete'] ?? []
+      fn($dependent_config) => $dependent_config->getConfigDependencyName(),
+      $config_entities,
     );
     $config_names[] = $config_name;
 
diff --git a/core/modules/user/tests/src/Functional/UserPermissionsTest.php b/core/modules/user/tests/src/Functional/UserPermissionsTest.php
index b9fea1381634..e0112f1d6765 100644
--- a/core/modules/user/tests/src/Functional/UserPermissionsTest.php
+++ b/core/modules/user/tests/src/Functional/UserPermissionsTest.php
@@ -4,9 +4,10 @@
 
 namespace Drupal\Tests\user\Functional;
 
+use Drupal\comment\Tests\CommentTestTrait;
 use Drupal\Tests\BrowserTestBase;
-use Drupal\user\RoleInterface;
 use Drupal\user\Entity\Role;
+use Drupal\user\RoleInterface;
 
 /**
  * Verifies role permissions can be added and removed via the permissions page.
@@ -15,6 +16,8 @@
  */
 class UserPermissionsTest extends BrowserTestBase {
 
+  use CommentTestTrait;
+
   /**
    * User with admin privileges.
    *
@@ -297,4 +300,35 @@ public function testAccessBundlePermission(): void {
     $this->assertSession()->statusCodeEquals(403);
   }
 
+  /**
+   * Tests that access check does not trigger warnings.
+   *
+   * The access check for /admin/structure/comment/manage/comment/permissions is
+   * \Drupal\user\Form\EntityPermissionsForm::EntityPermissionsForm::access().
+   */
+  public function testBundlePermissionError(): void {
+    \Drupal::service('module_installer')->install(['comment', 'dblog', 'field_ui', 'node']);
+    // Set up the node and comment field. Use the 'default' view mode since
+    // 'full' is not defined, so it will not be added to the config entity.
+    $this->drupalCreateContentType(['type' => 'article']);
+    $this->addDefaultCommentField('node', 'article', comment_view_mode: 'default');
+
+    $this->drupalLogin($this->adminUser);
+    $this->grantPermissions(Role::load($this->rid), ['access site reports', 'administer comment display']);
+
+    // Access both the Manage display and permission page, which is not
+    // accessible currently.
+    $assert_session = $this->assertSession();
+    $this->drupalGet('/admin/structure/comment/manage/comment/display');
+    $assert_session->statusCodeEquals(200);
+    $this->drupalGet('/admin/structure/comment/manage/comment/permissions');
+    $assert_session->statusCodeEquals(403);
+
+    // Ensure there are no warnings in the log.
+    $this->drupalGet('/admin/reports/dblog');
+    $assert_session->statusCodeEquals(200);
+    $assert_session->pageTextContains('access denied');
+    $assert_session->pageTextNotContains("Entity view display 'node.article.default': Component");
+  }
+
 }
diff --git a/core/modules/user/tests/src/Unit/Form/EntityPermissionsFormTest.php b/core/modules/user/tests/src/Unit/Form/EntityPermissionsFormTest.php
index aa4639f3192e..c240aafa803e 100644
--- a/core/modules/user/tests/src/Unit/Form/EntityPermissionsFormTest.php
+++ b/core/modules/user/tests/src/Unit/Form/EntityPermissionsFormTest.php
@@ -60,12 +60,10 @@ public function testPermissionsByProvider(string $dependency_name, bool $found):
     $module_handler = $this->prophesize(ModuleHandlerInterface::class)->reveal();
     $module_extension_list = $this->prophesize(ModuleExtensionList::class)->reveal();
     $prophecy = $this->prophesize(ConfigManagerInterface::class);
-    $prophecy->getConfigEntitiesToChangeOnDependencyRemoval('config', ['node.type.article'])
+    $prophecy->findConfigEntityDependencies('config', ['node.type.article'])
       ->willReturn([
-        'delete' => [
-          new ConfigEntityDependency('core.entity_view_display.node.article.full'),
-          new ConfigEntityDependency('field.field.node.article.body'),
-        ],
+        new ConfigEntityDependency('core.entity_view_display.node.article.full'),
+        new ConfigEntityDependency('field.field.node.article.body'),
       ]);
     $config_manager = $prophecy->reveal();
     $prophecy = $this->prophesize(EntityTypeInterface::class);
-- 
GitLab