js/block.js

@@ -34,16 +34,16 @@
              *   A string with the summary.
              */
             function checkboxesSummary(context) {
-                var vals = [];
+                var values = [];
                 var $checkboxes = $(context).find('input[type="checkbox"]:checked + label');
                 var il = $checkboxes.length;
                 for (var i = 0; i < il; i++) {
-                    vals.push($($checkboxes[i]).html());
+                    values.push($($checkboxes[i]).html());
                 }
-                if (!vals.length) {
-                    vals.push(Drupal.t('Not restricted'));
+                if (!values.length) {
+                    values.push(Drupal.t('Not restricted'));
                 }
-                return vals.join(', ');
+                return values.join(', ');
             }
 
             $('[data-drupal-selector="edit-visibility-group-type"]').drupalSetSummary(checkboxesSummary);

modules/gnode/gnode.info.yml

@@ -2,7 +2,7 @@ name: 'Group Node'
 description: 'Enables Group functionality for the Node module'
 package: 'Group'
 type: 'module'
-core_version_requirement: ^8.8 || ^9
+core_version_requirement: ^10.3 || ^11
 dependencies:
   - 'drupal:node'
   - 'group:group'

modules/gnode/gnode.install

@@ -7,6 +7,7 @@
 
 use Drupal\Core\Config\ExtensionInstallStorage;
 use Drupal\Core\Config\InstallStorage;
+use Drupal\Core\Config\StorageInterface;
 
 /**
  * Update the group nodes view to use the argument provided title.
@@ -68,7 +69,10 @@ function gnode_update_8003() {
       // Get the storage for optional extension configuration.
       $optional_storage = new ExtensionInstallStorage(
         \Drupal::service('config.storage'),
-        InstallStorage::CONFIG_OPTIONAL_DIRECTORY
+        InstallStorage::CONFIG_OPTIONAL_DIRECTORY,
+        StorageInterface::DEFAULT_COLLECTION,
+        FALSE,
+        \Drupal::installProfile()
       );
 
       // Read the data from the YAML file and save it to the view.
@@ -124,3 +128,16 @@ function gnode_update_8005() {
 function gnode_update_8006() {
   // Empty update. See group_post_update_view_cache_contexts();
 }
+
+/**
+ * Updates views to drop obsolete key.
+ */
+function gnode_update_8007(&$sandbox) {
+  if (\Drupal::moduleHandler()->moduleExists('views')) {
+    $view = \Drupal::configFactory()->getEditable('views.view.group_nodes');
+    if (!$view->isNew()) {
+      $view->clear('display.default.display_options.arguments.gid.default_argument_skip_url');
+      $view->save(TRUE);
+    }
+  }
+}

modules/gnode/gnode.links.action.yml

-group_content.group_node_add_page:
-  route_name: 'entity.group_content.group_node_add_page'
+group_relationship.group_node_add_page:
+  route_name: 'entity.group_relationship.group_node_add_page'
   title: 'Add existing content'
   appears_on:
     - 'view.group_nodes.page_1'
 
-group_content.group_node_create_page:
-  route_name: 'entity.group_content.group_node_create_page'
+group_relationship.group_node_create_page:
+  route_name: 'entity.group_relationship.group_node_create_page'
   title: 'Add new content'
   appears_on:
     - 'view.group_nodes.page_1'

modules/gnode/gnode.services.yml

@@ -8,4 +8,3 @@ services:
   group.relation_handler.permission_provider.group_node:
     class: 'Drupal\gnode\Plugin\Group\RelationHandler\GroupNodePermissionProvider'
     arguments: ['@group.relation_handler.permission_provider']
-    shared: false

modules/gnode/src/Plugin/Group/Relation/GroupNode.php

@@ -2,23 +2,24 @@
 
 namespace Drupal\gnode\Plugin\Group\Relation;
 
-use Drupal\group\Plugin\Group\Relation\GroupRelationBase;
 use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\StringTranslation\TranslatableMarkup;
+use Drupal\group\Plugin\Attribute\GroupRelationType;
+use Drupal\group\Plugin\Group\Relation\GroupRelationBase;
 
 /**
  * Provides a group relation type for nodes.
- *
- * @GroupRelationType(
- *   id = "group_node",
- *   label = @Translation("Group node"),
- *   description = @Translation("Adds nodes to groups both publicly and privately."),
- *   entity_type_id = "node",
- *   entity_access = TRUE,
- *   reference_label = @Translation("Title"),
- *   reference_description = @Translation("The title of the node to add to the group"),
- *   deriver = "Drupal\gnode\Plugin\Group\Relation\GroupNodeDeriver",
- * )
  */
+#[GroupRelationType(
+  id: 'group_node',
+  entity_type_id: 'node',
+  label: new TranslatableMarkup('Group node'),
+  description: new TranslatableMarkup('Adds nodes to groups both publicly and privately.'),
+  reference_label: new TranslatableMarkup('Title'),
+  reference_description: new TranslatableMarkup('The title of the node to add to the group'),
+  entity_access: TRUE,
+  deriver: 'Drupal\gnode\Plugin\Group\Relation\GroupNodeDeriver'
+)]
 class GroupNode extends GroupRelationBase {
 
   /**

modules/gnode/src/Plugin/Group/Relation/GroupNodeDeriver.php

@@ -2,14 +2,17 @@
 
 namespace Drupal\gnode\Plugin\Group\Relation;
 
+use Drupal\Component\Plugin\Derivative\DeriverBase;
 use Drupal\group\Plugin\Group\Relation\GroupRelationTypeInterface;
 use Drupal\node\Entity\NodeType;
-use Drupal\Component\Plugin\Derivative\DeriverBase;
 
+/**
+ * Derives plugins based on node type.
+ */
 class GroupNodeDeriver extends DeriverBase {
 
   /**
-   * {@inheritdoc}.
+   * {@inheritdoc}
    */
   public function getDerivativeDefinitions($base_plugin_definition) {
     assert($base_plugin_definition instanceof GroupRelationTypeInterface);

modules/gnode/src/Plugin/Group/RelationHandler/GroupNodePermissionProvider.php

@@ -4,7 +4,6 @@ namespace Drupal\gnode\Plugin\Group\RelationHandler;
 
 use Drupal\group\Plugin\Group\RelationHandler\PermissionProviderInterface;
 use Drupal\group\Plugin\Group\RelationHandler\PermissionProviderTrait;
-use Drupal\group\Plugin\Group\RelationHandler\RelationHandlerTrait;
 
 /**
  * Provides group permissions for the group_node relation plugin.

modules/gnode/src/Routing/RouteSubscriber.php

@@ -14,18 +14,18 @@ class RouteSubscriber extends RouteSubscriberBase {
    * {@inheritdoc}
    */
   protected function alterRoutes(RouteCollection $collection) {
-    if ($route = $collection->get('entity.group_content.create_page')) {
+    if ($route = $collection->get('entity.group_relationship.create_page')) {
       $copy = clone $route;
       $copy->setPath('group/{group}/node/create');
       $copy->setDefault('base_plugin_id', 'group_node');
-      $collection->add('entity.group_content.group_node_create_page', $copy);
+      $collection->add('entity.group_relationship.group_node_create_page', $copy);
     }
 
-    if ($route = $collection->get('entity.group_content.add_page')) {
+    if ($route = $collection->get('entity.group_relationship.add_page')) {
       $copy = clone $route;
       $copy->setPath('group/{group}/node/add');
       $copy->setDefault('base_plugin_id', 'group_node');
-      $collection->add('entity.group_content.group_node_add_page', $copy);
+      $collection->add('entity.group_relationship.group_node_add_page', $copy);
     }
   }
 

modules/gnode/tests/src/Functional/EntityOperationsTest.php

@@ -16,7 +16,7 @@ class EntityOperationsTest extends GroupEntityOperationsTest {
   /**
    * {@inheritdoc}
    */
-  public static $modules = ['gnode'];
+  protected static $modules = ['gnode'];
 
   /**
    * {@inheritdoc}
@@ -32,7 +32,7 @@ class EntityOperationsTest extends GroupEntityOperationsTest {
       ['group/1/nodes' => 'Nodes'],
       [
         'view group',
-        'access group_node overview'
+        'access group_node overview',
       ],
     ];
 
@@ -41,7 +41,7 @@ class EntityOperationsTest extends GroupEntityOperationsTest {
       [],
       [
         'view group',
-        'access group_node overview'
+        'access group_node overview',
       ],
       ['views'],
     ];

modules/gnode/tests/src/Kernel/GroupNodeConfigTest.php

@@ -16,14 +16,13 @@ class GroupNodeConfigTest extends EntityKernelTestBase {
    *
    * @var array
    */
-  public static $modules = [
+  protected static $modules = [
     'entity',
     'flexible_permissions',
     'gnode',
     'group',
     'node',
     'options',
-    'variationcache',
     'views',
   ];
 

modules/group_support_revisions/group_support_revisions.info.yml

+name: 'Group Support: Revisions'
+description: 'Enables revision access over grouped entities to be determined by the group'
+package: 'Group'
+type: 'module'
+core_version_requirement: ^10.3 || ^11
+dependencies:
+  - 'group:group'

modules/group_support_revisions/group_support_revisions.services.yml

+services:
+  # Decorating group relation handlers.
+  group.relation_handler_decorator.permission_provider.support_revisions:
+    class: 'Drupal\group_support_revisions\Plugin\Group\RelationHandler\SupportRevisionsPermissionProvider'
+    decorates: 'group.relation_handler.permission_provider'
+    decoration_priority: 50
+    arguments: ['@group.relation_handler_decorator.permission_provider.support_revisions.inner']

modules/group_support_revisions/src/Plugin/Group/RelationHandler/SupportRevisionsPermissionProvider.php

+<?php
+
+namespace Drupal\group_support_revisions\Plugin\Group\RelationHandler;
+
+use Drupal\Core\Entity\RevisionableInterface;
+use Drupal\group\Plugin\Group\Relation\GroupRelationTypeInterface;
+use Drupal\group\Plugin\Group\RelationHandler\PermissionProviderInterface;
+use Drupal\group\Plugin\Group\RelationHandler\PermissionProviderTrait;
+
+/**
+ * Alters all permission providers to add revision support.
+ */
+class SupportRevisionsPermissionProvider implements PermissionProviderInterface {
+
+  use PermissionProviderTrait {
+    init as defaultInit;
+  }
+
+  /**
+   * Whether the target entity type implements the RevisionableInterface.
+   *
+   * @var bool
+   */
+  protected bool $implementsRevisionableInterface;
+
+  /**
+   * Constructs a new SupportRevisionsPermissionProvider.
+   *
+   * @param \Drupal\group\Plugin\Group\RelationHandler\PermissionProviderInterface $parent
+   *   The parent permission provider.
+   */
+  public function __construct(PermissionProviderInterface $parent) {
+    $this->parent = $parent;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function init($plugin_id, GroupRelationTypeInterface $group_relation_type) {
+    $this->defaultInit($plugin_id, $group_relation_type);
+    $this->implementsRevisionableInterface = $this->entityType->entityClassImplements(RevisionableInterface::class);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getPermission($operation, $target, $scope = 'any') {
+    if ($target === 'entity') {
+      switch ($operation) {
+        case 'view all revisions':
+          return $this->getEntityViewAllRevisionsPermission();
+
+        case 'view revision':
+          return $this->getEntityViewRevisionPermission();
+
+        case 'revert revision':
+          return $this->getEntityRevertRevisionPermission();
+
+        case 'delete revision':
+          return $this->getEntityDeleteRevisionPermission();
+      }
+    }
+
+    return $this->parent->getPermission($operation, $target, $scope);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildPermissions() {
+    $permissions = $this->parent->buildPermissions();
+
+    // Instead of checking whether this specific permission provider allows for
+    // a permission to exist, we check the entire decorator chain. This avoids a
+    // lot of copy-pasted code to turn off or rename a permission in a decorator
+    // further down the chain.
+    $provider_chain = $this->groupRelationTypeManager()->getPermissionProvider($this->pluginId);
+
+    $prefix = 'Revisions:';
+    if ($name = $provider_chain->getPermission('view all revisions', 'entity')) {
+      $permissions[$name] = $this->buildPermission("$prefix View full version history");
+    }
+    if ($name = $provider_chain->getPermission('view revision', 'entity')) {
+      $permissions[$name] = $this->buildPermission("$prefix View specific entity revisions");
+    }
+    if ($name = $provider_chain->getPermission('revert revision', 'entity')) {
+      $permissions[$name] = $this->buildPermission("$prefix Revert specific entity revisions");
+    }
+    if ($name = $provider_chain->getPermission('delete revision', 'entity')) {
+      $permissions[$name] = $this->buildPermission("$prefix Delete specific entity revisions");
+    }
+
+    return $permissions;
+  }
+
+  /**
+   * Gets the name of the view all revisions permission for the entity.
+   *
+   * @return string|false
+   *   The permission name or FALSE if it does not apply.
+   */
+  protected function getEntityViewAllRevisionsPermission() {
+    if ($this->definesEntityPermissions && $this->implementsRevisionableInterface) {
+      return "view all $this->pluginId entity revisions";
+    }
+    return FALSE;
+  }
+
+  /**
+   * Gets the name of the view all revisions permission for the entity.
+   *
+   * @return string|false
+   *   The permission name or FALSE if it does not apply.
+   */
+  protected function getEntityViewRevisionPermission() {
+    if ($this->definesEntityPermissions && $this->implementsRevisionableInterface) {
+      return "view $this->pluginId entity revisions";
+    }
+    return FALSE;
+  }
+
+  /**
+   * Gets the name of the view all revisions permission for the entity.
+   *
+   * @return string|false
+   *   The permission name or FALSE if it does not apply.
+   */
+  protected function getEntityRevertRevisionPermission() {
+    if ($this->definesEntityPermissions && $this->implementsRevisionableInterface) {
+      return "revert $this->pluginId entity revisions";
+    }
+    return FALSE;
+  }
+
+  /**
+   * Gets the name of the view all revisions permission for the entity.
+   *
+   * @return string|false
+   *   The permission name or FALSE if it does not apply.
+   */
+  protected function getEntityDeleteRevisionPermission() {
+    if ($this->definesEntityPermissions && $this->implementsRevisionableInterface) {
+      return "delete $this->pluginId entity revisions";
+    }
+    return FALSE;
+  }
+
+}

modules/group_support_revisions/tests/src/Functional/GroupSupportRevisionsTest.php

+<?php
+
+namespace Drupal\Tests\group_support_revisions\Functional;
+
+use Drupal\Tests\group\Functional\GroupBrowserTestBase;
+use Drupal\group\Entity\Storage\GroupRelationshipTypeStorageInterface;
+use Drupal\group\PermissionScopeInterface;
+use Drupal\node\NodeInterface;
+use Drupal\user\RoleInterface;
+
+/**
+ * Tests that revision operations (do not) show up on a grouped entity.
+ *
+ * @group group_support_revisions
+ */
+class GroupSupportRevisionsTest extends GroupBrowserTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected static $modules = ['block', 'gnode'];
+
+  /**
+   * Gets the global (site) permissions for the group creator.
+   *
+   * @return string[]
+   *   The permissions.
+   */
+  protected function getGlobalPermissions() {
+    return [
+      'access content',
+      'edit any page content',
+      'delete any page content',
+      'view all revisions',
+      'revert all revisions',
+      'delete all revisions',
+      'access administration pages',
+    ] + parent::getGlobalPermissions();
+  }
+
+  /**
+   * The group type to run the tests with.
+   *
+   * @var \Drupal\group\Entity\GroupTypeInterface
+   */
+  protected $groupType;
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp(): void {
+    parent::setUp();
+    $this->drupalCreateContentType(['type' => 'page', 'name' => 'Page', 'new_revision' => TRUE]);
+    $this->drupalPlaceBlock('local_tasks_block');
+    $this->setUpAccount();
+
+    $this->groupType = $this->createGroupType();
+    $storage = $this->entityTypeManager->getStorage('group_relationship_type');
+    assert($storage instanceof GroupRelationshipTypeStorageInterface);
+    $storage->save($storage->createFromPlugin($this->groupType, 'group_node:page'));
+
+    $group_role_storage = $this->entityTypeManager->getStorage('group_role');
+    $group_role_storage->save($group_role_storage->create([
+      'id' => 'foo',
+      'group_type' => $this->groupType->id(),
+      'scope' => PermissionScopeInterface::INSIDER_ID,
+      'global_role' => RoleInterface::AUTHENTICATED_ID,
+      'permissions' => [],
+    ]));
+  }
+
+  /**
+   * Tests the revisions tab on an entity's canonical route.
+   */
+  public function testRevisionsTab(): void {
+    $group_role_storage = $this->entityTypeManager->getStorage('group_role');
+    $node = $this->drupalCreateNode(['type' => 'page', 'title' => $this->randomString()]);
+    $path = '/node/1';
+    $href = '/node/1/revisions';
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefExists($href, 0, 'Control; "Revisions" tab shows up.');
+
+    $group_role = $group_role_storage->load('foo');
+    $group_role_storage->save($group_role->grantPermission('view group_node:page entity'));
+
+    $group = $this->createGroup(['type' => $this->groupType->id()]);
+    $group->addRelationship($node, 'group_node:page');
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefExists($href, 0, 'Grouping the node without any special support still shows the "Revisions" tab.');
+
+    \Drupal::getContainer()->get('module_installer')->install(['group_support_revisions'], TRUE);
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefNotExists($href, 'Now hat Group knows about revision operations, the grouped node no longer shows the "Revisions" tab.');
+
+    $group_role = $group_role_storage->load('foo');
+    $group_role_storage->save($group_role->grantPermission('view all group_node:page entity revisions'));
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefExists($href, 0, 'Assigning the right Group permissions once again shows the "Revisions" tab.');
+  }
+
+  /**
+   * Tests the viewing of individual revisions for an entity.
+   *
+   * @depends testRevisionsTab
+   */
+  public function testViewRevision(): void {
+    $group_role_storage = $this->entityTypeManager->getStorage('group_role');
+    $node_storage = $this->entityTypeManager->getStorage('node');
+    $path = '/node/1/revisions/1/view';
+
+    $node = $this->drupalCreateNode(['type' => 'page', 'title' => 'First title']);
+    $node = $node_storage->load($node->id());
+    assert($node instanceof NodeInterface);
+    $node->setNewRevision();
+    $node_storage->save($node->setTitle('Second title'));
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+
+    $group_role = $group_role_storage->load('foo');
+    $group_role_storage->save($group_role->grantPermission('view group_node:page entity'));
+
+    $group = $this->createGroup(['type' => $this->groupType->id()]);
+    $group->addRelationship($node, 'group_node:page');
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+
+    \Drupal::getContainer()->get('module_installer')->install(['group_support_revisions'], TRUE);
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(403);
+
+    $group_role = $group_role_storage->load('foo');
+    $group_role_storage->save($group_role->grantPermission('view group_node:page entity revisions'));
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+  }
+
+  /**
+   * Tests the revision operations on an entity's version history route.
+   *
+   * @param string $name
+   *   The name of the operation we expect to see.
+   * @param string $href
+   *   The href of the operation we expect to see.
+   * @param string $crud_permission
+   *   The permission of the same CRUD operation, required by core.
+   * @param string $group_permission
+   *   The group permission that should grant access when grouped and supported.
+   *
+   * @depends testRevisionsTab
+   * @dataProvider revisionsOperationsProvider
+   */
+  public function testRevisionOperations(string $name, string $href, string $crud_permission, string $group_permission): void {
+    $group_role_storage = $this->entityTypeManager->getStorage('group_role');
+    $node_storage = $this->entityTypeManager->getStorage('node');
+    $path = '/node/1/revisions';
+
+    $node = $this->drupalCreateNode(['type' => 'page', 'title' => 'First title']);
+    $node = $node_storage->load($node->id());
+    assert($node instanceof NodeInterface);
+    $node->setNewRevision();
+    $node_storage->save($node->setTitle('Second title'));
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefExists($href, 0, 'Control; "' . $name . '" operation shows up.');
+
+    $group_role = $group_role_storage->load('foo');
+    $group_role_storage->save($group_role->grantPermissions([
+      'view group_node:page entity',
+      'view all group_node:page entity revisions',
+      // Standard revision access checks rely on update or delete access.
+      $crud_permission,
+    ]));
+
+    $group = $this->createGroup(['type' => $this->groupType->id()]);
+    $group->addRelationship($node, 'group_node:page');
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefExists($href, 0, 'Grouping the node without any special support still shows the "' . $name . '" operation.');
+
+    \Drupal::getContainer()->get('module_installer')->install(['group_support_revisions'], TRUE);
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefNotExists($href, 'Now hat Group knows about revision operations, the grouped node no longer shows the "' . $name . '" operation.');
+
+    $group_role = $group_role_storage->load('foo');
+    $group_role_storage->save($group_role->grantPermission($group_permission));
+
+    $this->drupalGet($path);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->linkByHrefExists($href, 0, 'Assigning the right Group permissions once again shows the "' . $name . '" operation.');
+  }
+
+  /**
+   * Data provider for ::testRevisionOperations().
+   *
+   * @return array
+   *   A list of test scenarios.
+   */
+  public function revisionsOperationsProvider(): array {
+    $cases['revert'] = [
+      'name' => 'Revert',
+      'href' => 'node/1/revisions/1/revert',
+      'crud_permission' => 'update any group_node:page entity',
+      'group_permission' => 'revert group_node:page entity revisions',
+    ];
+
+    $cases['delete'] = [
+      'name' => 'Delete',
+      'href' => 'node/1/revisions/1/delete',
+      'crud_permission' => 'delete any group_node:page entity',
+      'group_permission' => 'delete group_node:page entity revisions',
+    ];
+
+    return $cases;
+  }
+
+}

phpcs.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<ruleset name="drupal-project">
+  <description>Default PHP CodeSniffer configuration for Drupal project.</description>
+  <rule ref="vendor/drupal/coder/coder_sniffer/Drupal/ruleset.xml">
+    <exclude name="Drupal.Semantics.FunctionT.NotLiteralString"/>
+    <exclude-pattern>./src/ProxyClass/UninstallValidator/GroupRelationshipUninstallValidator</exclude-pattern>
+  </rule>
+  <rule ref="Drupal.NamingConventions.ValidVariableName.LowerCamelName">
+    <exclude-pattern>./src/Plugin/Group/Relation/GroupRelationType</exclude-pattern>
+  </rule>
+  <!-- https://www.drupal.org/drupalorg/docs/drupal-ci/using-coderphpcs-in-drupalci -->
+  <arg name="extensions" value="php,inc,module,install,info,test,profile,theme"/>
+</ruleset>

phpstan-baseline.neon

+parameters:
+	ignoreErrors:
+		# These errors are a bug in phpstan, see https://github.com/phpstan/phpstan/issues/6830.
+		-
+			message: "#^Variable \\$any_unpublished_permission might not be defined\\.$#"
+			count: 1
+			path: src/QueryAccess/EntityQueryAlter.php
+
+		-
+			message: "#^Variable \\$data_table might not be defined\\.$#"
+			count: 3
+			path: src/QueryAccess/EntityQueryAlter.php
+
+		-
+			message: "#^Variable \\$own_unpublished_permission might not be defined\\.$#"
+			count: 1
+			path: src/QueryAccess/EntityQueryAlter.php
+
+		-
+			message: "#^Variable \\$owner_conditions might not be defined\\.$#"
+			count: 3
+			path: tests/src/Kernel/QueryAlter/QueryAlterTestBase.php
+
+		-
+			message: "#^Variable \\$unpublished_permissions might not be defined\\.$#"
+			count: 8
+			path: tests/src/Kernel/QueryAlter/QueryAlterTestBase.php
+
+		-
+			message: "#^Variable \\$old_table might not be defined\\.$#"
+			count: 1
+			path: group.install

phpstan.neon

+includes:
+    - phpstan-baseline.neon
+
+parameters:
+  level: 2
+  ignoreErrors:
+    # new static() is a best practice in Drupal, so we cannot fix that.
+    - "#^Unsafe usage of new static#"
+    # Entity property $original is common in Drupal.
+    - "#^Access to an undefined property [a-zA-Z0-9\\\\]+\\:\\:\\$original.#"
+    # Ignore common errors for now.
+    - "#Drupal calls should be avoided in classes, use dependency injection instead#"
+    # Can only remove use of membership loader in 4.0.0
+    - "#^Fetching class constant class of deprecated class Drupal\\\\group\\\\GroupMembership\\:#"
+    - "#^Fetching class constant class of deprecated interface Drupal\\\\group\\\\GroupMembershipLoaderInterface\\:#"
+    - "#has typehint with deprecated class Drupal\\\\group\\\\GroupMembership\\:#"
+    - "#has typehint with deprecated interface Drupal\\\\group\\\\GroupMembershipLoaderInterface\\:#"
+    - "#^Constructor of class Drupal\\\\group\\\\GroupMembershipLoader has an unused parameter#"
+  drupal:
+    entityMapping:
+      group:
+        class: Drupal\group\Entity\Group
+        storage: Drupal\group\Entity\Storage\GroupStorage
+      group_config_wrapper:
+        class: Drupal\group\Entity\ConfigWrapper
+        storage: Drupal\group\Entity\Storage\ConfigWrapperStorage
+      group_relationship:
+        class: Drupal\group\Entity\GroupRelationship
+        storage: Drupal\group\Entity\Storage\GroupRelationshipStorage
+      group_relationship_type:
+        class: Drupal\group\Entity\GroupRelationshipType
+        storage: Drupal\group\Entity\Storage\GroupRelationshipTypeStorage
+      group_role:
+        class: Drupal\group\Entity\GroupRole
+        storage: Drupal\group\Entity\Storage\GroupRoleStorage
+      group_type:
+        class: Drupal\group\Entity\GroupType

src/Access/GroupAccessResult.php

@@ -2,9 +2,9 @@
 
 namespace Drupal\group\Access;
 
-use Drupal\group\Entity\GroupInterface;
 use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Session\AccountInterface;
+use Drupal\group\Entity\GroupInterface;
 
 /**
  * Extends the AccessResult class with group permission checks.