Issue #3358586 by godotislate, kala4ek, jaswinsingh, benjifisher, creact,...

    $valid_permissions = array_intersect($this->permissions, array_keys($permission_definitions));

    $invalid_permissions = array_diff($this->permissions, $valid_permissions);

    if (!empty($invalid_permissions)) {

      throw new \RuntimeException('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "' . implode('", "', $invalid_permissions) . '".');

      \Drupal::logger('user')->error('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', [

        '@label' => $this->label(),

        '@id' => $this->id(),

        '@permissions' => implode(', ', $invalid_permissions),

      ]);

      $this->permissions = $valid_permissions;

    }

    foreach ($valid_permissions as $permission) {

      // Depend on the module that is providing this permissions.

      // Depend on the module that is providing this permission.

      $this->addDependency('module', $permission_definitions[$permission]['provider']);

      // Depend on any other dependencies defined by permissions granted to

      // this role.

namespace Drupal\Tests\user\Kernel;

use Drupal\Core\DependencyInjection\ContainerBuilder;

use Drupal\Core\Logger\RfcLogLevel;

use Drupal\KernelTests\KernelTestBase;

use Drupal\user\Entity\Role;

use Symfony\Component\ErrorHandler\BufferingLogger;

/**

 * @group user

   */

  protected static $modules = ['system', 'user', 'user_permissions_test'];

  /**

   * {@inheritdoc}

   */

  public function register(ContainerBuilder $container): void {

    parent::register($container);

    $container

      ->register(BufferingLogger::class)

      ->addTag('logger');

  }

  public function testOrderOfPermissions(): void {

    $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);

    $role->grantPermission('b')

    $role = Role::create(['id' => 'test_role', 'label' => 'Test role']);

    // A single permission that does not exist.

    $this->expectException(\RuntimeException::class);

    $this->expectExceptionMessage('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "does not exist".');

    $role->grantPermission('does not exist')

      ->save();

    $log_message = \Drupal::service(BufferingLogger::class)->cleanLogs()[0];

    $this->assertSame(RfcLogLevel::ERROR, $log_message[0]);

    $this->assertSame('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', $log_message[1]);

    $this->assertSame('Test role', $log_message[2]['@label']);

    $this->assertSame('test_role', $log_message[2]['@id']);

    $this->assertSame('does not exist', $log_message[2]['@permissions']);

    // A multiple permissions that do not exist.

    $this->expectException(\RuntimeException::class);

    $this->expectExceptionMessage('Adding non-existent permissions to a role is not allowed. The incorrect permissions are "does not exist, also does not exist".');

    // Multiple permissions that do not exist.

    $role->grantPermission('does not exist')

      ->grantPermission('also does not exist')

      ->save();

    $log_message = \Drupal::service(BufferingLogger::class)->cleanLogs()[0];

    $this->assertSame(RfcLogLevel::ERROR, $log_message[0]);

    $this->assertSame('Non-existent permission(s) assigned to role "@label" (@id) were removed. Invalid permission(s): @permissions.', $log_message[1]);

    $this->assertSame('Test role', $log_message[2]['@label']);

    $this->assertSame('test_role', $log_message[2]['@id']);

    $this->assertSame('does not exist, also does not exist', $log_message[2]['@permissions']);

    $permissions = $role->getPermissions();

    $this->assertEmpty(array_intersect(['does not exist', 'also does not exist'], $permissions));

  }

  public function testPermissionRevokeAndConfigSync(): void {