Verified Commit 5331d0e6 authored by Lee Rowlands's avatar Lee Rowlands

Issue #3394741 by acbramley, jenlampton, smustgrave:...

Issue #3394741 by acbramley, jenlampton, smustgrave: BlockContentAccessControlHandler requires access block library permission for update, delete and revisions operations

(cherry picked from commit bd8f43d1)
parent bea5ccb1
+8 −23
@@ -64,30 +64,15 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
        // Allow view and update access to user with the 'edit any (type) block
        // content' permission or the 'administer block content' permission.
        'view' => AccessResult::allowedIf($entity->isPublished())
          ->orIf(AccessResult::allowedIfHasPermissions($account, [
            'access block library',
          ])),
        'update' => AccessResult::allowedIfHasPermissions($account, [
          'access block library',
          'edit any ' . $bundle . ' block content',
        ]),
        'delete' => AccessResult::allowedIfHasPermissions($account, [
          'access block library',
          'delete any ' . $bundle . ' block content',
        ]),
          ->orIf(AccessResult::allowedIfHasPermission($account, 'access block library')),
        'update' => AccessResult::allowedIfHasPermission($account, 'edit any ' . $bundle . ' block content'),
        'delete' => AccessResult::allowedIfHasPermission($account, 'delete any ' . $bundle . ' block content'),
        // Revisions.
        'view all revisions' => AccessResult::allowedIfHasPermissions($account, [
          'access block library',
          'view any ' . $bundle . ' block content history',
        ]),
        'revert' => AccessResult::allowedIfHasPermissions($account, [
          'access block library',
          'revert any ' . $bundle . ' block content revisions',
        ])->orIf($forbidIfNotReusable()),
        'delete revision' => AccessResult::allowedIfHasPermissions($account, [
          'access block library',
          'delete any ' . $bundle . ' block content revisions',
        ])->orIf($forbidIfNotReusable()),
        'view all revisions' => AccessResult::allowedIfHasPermission($account, 'view any ' . $bundle . ' block content history'),
        'revert' => AccessResult::allowedIfHasPermission($account, 'revert any ' . $bundle . ' block content revisions')
          ->orIf($forbidIfNotReusable()),
        'delete revision' => AccessResult::allowedIfHasPermission($account, 'delete any ' . $bundle . ' block content revisions')
          ->orIf($forbidIfNotReusable()),

        default => parent::checkAccess($entity, $operation, $account),
      };
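Review bot: The two-line comment at the top of the hunk ("Allow view and update access to user with the 'edit any (type) block content' permission or the 'administer block content' permission") no longer describes the arms below it: the new 'view' arm keys off `$entity->isPublished()` or 'access block library', 'update' off 'edit any <bundle> block content' alone, and 'administer block content' does not appear in this hunk at all (it may be handled by the admin-permission check elsewhere in checkAccess, which starts before the hunk). I would replace it with `// View: published blocks, or any block for users with 'access block library'.` / `// Update/delete: the per-bundle 'edit any'/'delete any' permission only.` Separately, the 'view' result now varies with the entity's published state, so the entity must be attached as a cacheable dependency on the match result after the hunk; the hunk does not show that, so it is worth confirming it is still there. The `$forbidIfNotReusable` closure used by 'revert' and 'delete revision' is also defined outside the hunk.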
+0 −1
@@ -21,7 +21,6 @@ class BlockContentRevisionDeleteTest extends BlockContentTestBase {
   * {@inheritdoc}
   */
  protected $permissions = [
    'access block library',
    'view any basic block content history',
    'delete any basic block content revisions',
  ];
+0 −1
@@ -21,7 +21,6 @@ class BlockContentRevisionRevertTest extends BlockContentTestBase {
   * {@inheritdoc}
   */
  protected $permissions = [
    'access block library',
    'view any basic block content history',
    'revert any basic block content revisions',
  ];
+0 −1
@@ -21,7 +21,6 @@ class BlockContentRevisionVersionHistoryTest extends BlockContentTestBase {
   * {@inheritdoc}
   */
  protected $permissions = [
    'access block library',
    'view any basic block content history',
    'revert any basic block content revisions',
    'delete any basic block content revisions',
+5 −5
@@ -49,7 +49,7 @@ protected function setUpAuthorization($method) {
        break;

      case 'DELETE':
        $this->grantPermissionsToTestedRole(['access block library', 'delete any basic block content']);
        $this->grantPermissionsToTestedRole(['delete any basic block content']);
        break;

      default:
@@ -196,17 +196,17 @@ protected function getNormalizedPostEntity() {
  protected function getExpectedUnauthorizedAccessMessage($method) {
    if (!$this->resourceConfigStorage->load(static::$resourceConfigId)) {
      return match ($method) {
        'GET', 'PATCH' => "The following permissions are required: 'access block library' AND 'edit any basic block content'.",
        'GET', 'PATCH' => "The 'edit any basic block content' permission is required.",
        'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
        'DELETE' => "The following permissions are required: 'access block library' AND 'delete any basic block content'.",
        'DELETE' => "The 'delete any basic block content' permission is required.",
        default => parent::getExpectedUnauthorizedAccessMessage($method),
      };
    }
    return match ($method) {
      'GET' => "The 'access block library' permission is required.",
      'PATCH' => "The following permissions are required: 'access block library' AND 'edit any basic block content'.",
      'PATCH' => "The 'edit any basic block content' permission is required.",
      'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
      'DELETE' => "The following permissions are required: 'access block library' AND 'delete any basic block content'.",
      'DELETE' => "The 'delete any basic block content' permission is required.",
      default => parent::getExpectedUnauthorizedAccessMessage($method),
    };
  }
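Review bot: After this change the 'PATCH', 'POST' and 'DELETE' messages in the two `match` arms of getExpectedUnauthorizedAccessMessage are byte-identical, so the only method whose expected message still depends on whether the resource config loads is 'GET'; the second hunk could collapse the duplication into a single guard plus one `match`, which also makes that asymmetry visible to the next reader. Why an unconfigured 'GET' is reported against the 'edit any basic block content' permission is not explained in the hunk; a one-line comment on that branch would help (I assume it reflects how the unconfigured request is routed, but cannot confirm that from here). The `switch` in setUpAuthorization in the first hunk starts and ends outside the hunk.
```php
protected function getExpectedUnauthorizedAccessMessage($method) {
  // Only 'GET' depends on whether the resource config exists.
  if ($method === 'GET' && $this->resourceConfigStorage->load(static::$resourceConfigId)) {
    return "The 'access block library' permission is required.";
  }
  return match ($method) {
    'GET', 'PATCH' => "The 'edit any basic block content' permission is required.",
    'POST' => "The following permissions are required: 'create basic block content' AND 'access block library'.",
    'DELETE' => "The 'delete any basic block content' permission is required.",
    default => parent::getExpectedUnauthorizedAccessMessage($method),
  };
}
```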