Fix access control when using Group Node module.

Closes #3384307

layout_paragraphs.module

@@ -8,12 +8,14 @@
 use Drupal\Core\Url;
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Serialization\Json;
+use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\paragraphs\ParagraphInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
 use Drupal\layout_paragraphs\Utility\Dialog;
 use Drupal\paragraphs\Entity\ParagraphsType;
 use Drupal\Core\Entity\FieldableEntityInterface;
+use Drupal\Core\Session\AccountInterface;
 
 /**
  * Implements hook_help().
@@ -535,3 +537,74 @@ function layout_paragraphs_alter_library_recursive(array &$library, array $cdn)
     layout_paragraphs_alter_library_recursive($value, $cdn);
   }
 }
+
+/**
+ * Implements hook_preprocess_HOOK().
+ *
+ * Add the group_id and plugin_id to the third party setting in
+ * LayoutParagraphsLayout, when the layout paragraphs is being used on
+ * the create group content form, so it can be used to
+ * determine permissions in layout_paragraphs_entity_create_access().
+ *
+ * @see layout_paragraphs_entity_create_access()
+ * @see \Drupal\layout_paragraphs\Element\LayoutParagraphsBuilder::preRender()
+ */
+function layout_paragraphs_preprocess_layout_paragraphs_builder(array &$variables) {
+  $route_match = \Drupal::routeMatch();
+
+  if ($route_match->getRouteName() === "entity.group_relationship.create_form") {
+    $group_id = $route_match->getParameters()->get('group')?->id();
+    $plugin_id = $route_match->getParameters()->get('plugin_id');
+
+    if ($group_id && $plugin_id) {
+      /** @var \Drupal\layout_paragraphs\LayoutParagraphsLayout $layout_paragraphs_builder */
+      $layout_paragraphs_builder = &$variables["layout_paragraphs_layout"];
+      $layout_paragraphs_builder->setThirdPartySetting("group", "group_id", $group_id);
+      $layout_paragraphs_builder->setThirdPartySetting("group", "plugin_id", $plugin_id);
+
+      /** @var \Drupal\layout_paragraphs\LayoutParagraphsLayoutTempstoreRepository $layout_paragraphs_tempstore_repository */
+      $layout_paragraphs_tempstore_repository = \Drupal::service("layout_paragraphs.tempstore_repository");
+      $layout_paragraphs_tempstore_repository->set($layout_paragraphs_builder);
+    }
+  }
+}
+
+/**
+ * Implements hook_entity_create_access().
+ *
+ * If node create access is being checked from the layout paragraphs,
+ * use the group_id and plugin_id to determine if the account
+ * has access to create content in the group.
+ */
+function layout_paragraphs_entity_create_access(AccountInterface $account, array $context, $entity_bundle) {
+  $route_match = \Drupal::routeMatch();
+  $access = AccessResult::neutral();
+
+  switch ($route_match->getRouteName()) {
+    case 'layout_paragraphs.builder.choose_component':
+    case 'layout_paragraphs.builder.insert':
+    case 'layout_paragraphs.builder.edit_item':
+    case 'layout_paragraphs.builder.duplicate_item':
+    case 'layout_paragraphs.builder.delete_item':
+    case 'layout_paragraphs.builder.reorder':
+      /** @var \Drupal\layout_paragraphs\LayoutParagraphsLayoutInterface $layout_paragraphs_builder */
+      $layout_paragraphs_layout = $route_match->getParameter("layout_paragraphs_layout");
+      $group_id = $layout_paragraphs_layout->getThirdPartySetting("group", "group_id");
+      $plugin_id = $layout_paragraphs_layout->getThirdPartySetting("group", "plugin_id");
+
+      if ($group_id && $plugin_id) {
+        $access = \Drupal::accessManager()->checkNamedRoute(
+          'entity.group_relationship.create_form',
+          [
+            'group' => $group_id,
+            'plugin_id' => $plugin_id,
+          ],
+          $account,
+          TRUE
+        );
+      }
+      break;
+  }
+
+  return $access;
+}