Issue #3502654 by jurgenhaas, thejimbirch, phenaproxima, catch: Unpublished...

Issue #3502654 by jurgenhaas, thejimbirch, phenaproxima, catch: Unpublished pages should return a 404, not a 403

recipes/drupal_cms_authentication/composer.json

@@ -4,7 +4,7 @@
     "type": "drupal-recipe",
     "license": ["GPL-2.0-or-later"],
     "require": {
-        "drupal/bpmn_io": "^2.0.3",
+        "drupal/bpmn_io": "^2.0.6",
         "drupal/core": ">=10.3",
         "drupal/eca": "^2.1",
         "drupal/login_emailusername": "^3",

recipes/drupal_cms_authentication/config/eca.eca.auth_redirects.yml

@@ -4,7 +4,7 @@ dependencies:
   module:
     - eca_user
 id: auth_redirects
-modeller: fallback
+modeller: bpmn_io
 label: 'Authentication redirects'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_authentication/config/eca.eca.user_register.yml

@@ -5,7 +5,7 @@ dependencies:
     - eca_base
     - eca_form
 id: user_register
-modeller: fallback
+modeller: bpmn_io
 label: 'User registration'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_content_type_base/composer.json

@@ -5,7 +5,7 @@
     "license": ["GPL-2.0-or-later"],
     "require": {
         "drupal/autosave_form": "^1.7",
-        "drupal/bpmn_io": "^2.0.3",
+        "drupal/bpmn_io": "^2.0.6",
         "drupal/core": ">=10.4",
         "drupal/drupal_cms_image": "~1.0.1",
         "drupal/eca": "^2.1",

recipes/drupal_cms_content_type_base/config/eca.eca.content_duplicate.yml

@@ -6,7 +6,7 @@ dependencies:
     - eca_misc
     - eca_render
 id: content_duplicate
-modeller: fallback
+modeller: bpmn_io
 label: 'Duplicate content'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_privacy_basic/composer.json

@@ -4,7 +4,7 @@
     "type": "drupal-recipe",
     "license": ["GPL-2.0-or-later"],
     "require": {
-        "drupal/bpmn_io": "^2.0.3",
+        "drupal/bpmn_io": "^2.0.6",
         "drupal/core": ">=10.4",
         "drupal/eca": "^2.1",
         "drupal/drupal_cms_page": "~1.0.0",

recipes/drupal_cms_privacy_basic/config/eca.eca.privacy_setting_link.yml

@@ -7,7 +7,7 @@ dependencies:
     - eca_content
     - eca_user
 id: privacy_setting_link
-modeller: fallback
+modeller: bpmn_io
 label: 'Show link to privacy settings'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_remote_video/config/eca.eca.remote_video_consent.yml

@@ -9,7 +9,7 @@ dependencies:
     - eca_content
     - eca_user
 id: remote_video_consent
-modeller: fallback
+modeller: bpmn_io
 label: 'Enable consent management for remote video'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_starter/composer.json

@@ -5,9 +5,9 @@
     "license": ["GPL-2.0-or-later"],
     "require": {
         "drupal/automatic_updates": "^3.1.7",
-        "drupal/bpmn_io": "^2.0.3",
+        "drupal/bpmn_io": "^2.0.6",
         "drupal/core": ">=10.4",
-        "drupal/eca": "^2.1.2",
+        "drupal/eca": "^2.1.3",
         "drupal/dashboard": "^2",
         "drupal/drupal_cms_admin_ui": "~1.0.0",
         "drupal/drupal_cms_anti_spam": "~1.0.0",

recipes/drupal_cms_starter/config/eca.eca.front_page_redirect_hotfix.yml

@@ -15,7 +15,7 @@ dependencies:
     - eca_config
     - eca_content
 id: front_page_redirect_hotfix
-modeller: fallback
+modeller: bpmn_io
 label: 'Front page redirect hotfix'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_starter/config/eca.eca.init_search.yml

@@ -10,7 +10,7 @@ dependencies:
     - eca_base
     - eca_config
 id: init_search
-modeller: fallback
+modeller: bpmn_io
 label: 'Initialize search index'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_starter/config/eca.eca.rename_project_browser_tabs.yml

@@ -4,7 +4,7 @@ dependencies:
   module:
     - eca_project_browser
 id: rename_project_browser_tabs
-modeller: fallback
+modeller: bpmn_io
 label: 'Rename Project Browser tabs'
 version: 1.0.0
 weight: 0

recipes/drupal_cms_starter/config/eca.eca.unpublished_404.yml

+langcode: en
+status: true
+dependencies:
+  module:
+    - eca_base
+    - eca_content
+    - eca_misc
+    - eca_user
+id: unpublished_404
+modeller: bpmn_io
+label: 'Unpublished 404'
+version: 1.0.0
+weight: 0
+events:
+  Event_uncaught_exception:
+    plugin: 'kernel:exception_status_code'
+    label: 'Uncaught Exception'
+    configuration: {  }
+    successors:
+      -
+        id: Activity_and
+        condition: Flow_is_403
+conditions:
+  Flow_is_403:
+    plugin: eca_scalar
+    configuration:
+      negate: false
+      case: false
+      left: '[event:code]'
+      right: '403'
+      operator: equal
+      type: value
+  Flow_unpublished:
+    plugin: eca_entity_field_value
+    configuration:
+      case: false
+      expected_value: '1'
+      field_name: status
+      operator: equal
+      type: value
+      negate: true
+      entity: node
+gateways: {  }
+actions:
+  Activity_and:
+    plugin: eca_void_and_condition
+    label: AND
+    configuration: {  }
+    successors:
+      -
+        id: Activity_switch_user_1
+        condition: ''
+  Activity_switch_user_1:
+    plugin: eca_switch_account
+    label: 'Switch to user 1'
+    configuration:
+      user_id: '1'
+    successors:
+      -
+        id: Activity_load_node_from_route
+        condition: ''
+  Activity_load_node_from_route:
+    plugin: eca_token_load_route_param
+    label: 'Load node from route'
+    configuration:
+      token_name: node
+      request: '2'
+      parameter_name: node
+    successors:
+      -
+        id: Activity_not_found_exception
+        condition: Flow_unpublished
+  Activity_not_found_exception:
+    plugin: eca_throw_exception
+    label: 'Not found exception'
+    configuration:
+      exception_type: Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+      response_message: ''
+      log_exception: false
+    successors: {  }

recipes/drupal_cms_starter/recipe.yml

@@ -23,8 +23,10 @@ install:
   - eca_base
   - eca_config
   - eca_content
+  - eca_misc
   - eca_project_browser
   - eca_render
+  - eca_user
   - menu_link_content
   - olivero
   - package_manager

recipes/drupal_cms_starter/tests/src/Functional/ComponentValidationTest.php

@@ -71,6 +71,16 @@ class ComponentValidationTest extends BrowserTestBase {
     $assert_session->statusCodeEquals(200);
     // Also, the front page should be "/", instead of "/home".
     $assert_session->addressEquals('/');
+    // The privacy policy page isn't published, so it should respond with a
+    // 404, not 403.
+    $this->drupalGet('/privacy-policy');
+    $assert_session->statusCodeEquals(404);
+    // A non-existing page should also respond with a 404.
+    $this->drupalGet('/node/999999');
+    $assert_session->statusCodeEquals(404);
+    // A non-permitted page should respond with a 403.
+    $this->drupalGet('/admin');
+    $assert_session->statusCodeEquals(403);
 
     $editor = $this->drupalCreateUser();
     $editor->addRole('content_editor')->save();