From cb6824ae7d5bfa52f1c6d638fe618e6e3ffa0247 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Thu, 31 Aug 2023 17:11:26 +0100
Subject: [PATCH] Issue #3344789 by acbramley, Berdir, fenstrat, benjifisher, borisson_: Return early in EntityPermissionsForm::access if the user does not have "administer permissions"
---
 core/modules/user/src/Form/EntityPermissionsForm.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/core/modules/user/src/Form/EntityPermissionsForm.php b/core/modules/user/src/Form/EntityPermissionsForm.php
index d1a49cf4568f..126eb7b975b8 100644
--- a/core/modules/user/src/Form/EntityPermissionsForm.php
+++ b/core/modules/user/src/Form/EntityPermissionsForm.php
@@ -153,6 +153,10 @@ public function buildForm(array $form, FormStateInterface $form_state, string $b
 * The access result.
 */
 public function access(Route $route, RouteMatchInterface $route_match, $bundle = NULL): AccessResultInterface {
+ $permission = $route->getRequirement('_permission');
+ if ($permission && !$this->currentUser()->hasPermission($permission)) {
+ return AccessResult::neutral()->cachePerPermissions();
+ }
 // Set $this->bundle for use by ::permissionsByProvider().
 if ($bundle instanceof EntityInterface) {
 $this->bundle = $bundle;
-- GitLab
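Review bot: The early return added at the top of access() passes the raw `_permission` requirement string straight to hasPermission(), which matches a single permission name only. Drupal's route permission check treats `,` and `+` in that string as AND/OR separators, so if this callback is attached to a route with a compound requirement (none is visible here) the lookup would never match and every user would get a neutral result; that fails closed, but silently. Consider skipping the shortcut for compound values, e.g. `if ($permission && !preg_match('/[,+]/', $permission) && !$this->currentUser()->hasPermission($permission)) {`. The block is also skipped entirely when the route has no `_permission` requirement, so it is a shortcut rather than the enforcement point; assuming the route's own permission check remains authoritative, a comment such as `// Shortcut only; the route's _permission requirement is what enforces access.` would keep later readers from relying on it. The body of access() continues outside the hunk.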