Commit 2023ce8e authored by alexpott's avatar alexpott

Issue #2950125 by owenbush, Wim Leers: Add helpful reason for 'update' and...

Issue #2950125 by owenbush, Wim Leers: Add helpful reason for 'update' and 'delete' access not being allowed to CommentAccessControlHandler
parent c98f167c
......@@ -45,7 +45,12 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
return $access_result;
case 'update':
return AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
$access_result = AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))
->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
if (!$access_result->isAllowed()) {
$access_result->setReason("The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.");
}
return $access_result;
default:
// No opinion.
......
......@@ -335,6 +335,8 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
return "The 'access comments' permission is required and the comment must be published.";
case 'POST';
return "The 'post comments' permission is required.";
case 'PATCH';
return "The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment