From 054f753d837ca6743c81ced5dfe1248bab7ed80f Mon Sep 17 00:00:00 2001
From: jrb <jrb@352123.no-reply.drupal.org>
Date: Fri, 28 Jan 2022 13:56:35 -0700
Subject: [PATCH] Issue #3261193 by jrb, owenbush: Users with the "edit
 eventseries entity" permission can't edit their own events unless they also
 have the "edit own eventinstance entity" permission

---
 .../src/RegistrantAccessControlHandler.php             | 10 ++++++++--
 src/EventInstanceAccessControlHandler.php              | 10 ++++++++--
 src/EventSeriesAccessControlHandler.php                | 10 ++++++++--
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/modules/recurring_events_registration/src/RegistrantAccessControlHandler.php b/modules/recurring_events_registration/src/RegistrantAccessControlHandler.php
index 3d58f29c..149691a9 100644
--- a/modules/recurring_events_registration/src/RegistrantAccessControlHandler.php
+++ b/modules/recurring_events_registration/src/RegistrantAccessControlHandler.php
@@ -73,13 +73,19 @@ class RegistrantAccessControlHandler extends EntityAccessControlHandler implemen
         if ($account->id() !== $entity->getOwnerId()) {
           return AccessResult::allowedIfHasPermission($account, 'edit registrant entities');
         }
-        return AccessResult::allowedIfHasPermission($account, 'edit own registrant entities');
+        return AccessResult::allowedIfHasPermissions($account, [
+          'edit registrant entities',
+          'edit own registrant entities',
+        ], 'OR');
 
       case 'delete':
         if ($account->id() !== $entity->getOwnerId()) {
           return AccessResult::allowedIfHasPermission($account, 'delete registrant entities');
         }
-        return AccessResult::allowedIfHasPermission($account, 'delete own registrant entities');
+        return AccessResult::allowedIfHasPermissions($account, [
+          'delete registrant entities',
+          'delete own registrant entities',
+        ], 'OR');
 
       case 'resend':
         return AccessResult::allowedIfHasPermission($account, 'resend registrant emails');
diff --git a/src/EventInstanceAccessControlHandler.php b/src/EventInstanceAccessControlHandler.php
index c1b42ab0..86dac554 100644
--- a/src/EventInstanceAccessControlHandler.php
+++ b/src/EventInstanceAccessControlHandler.php
@@ -33,13 +33,19 @@ class EventInstanceAccessControlHandler extends EntityAccessControlHandler {
         if ($account->id() !== $entity->getOwnerId()) {
           return AccessResult::allowedIfHasPermission($account, 'edit eventinstance entity');
         }
-        return AccessResult::allowedIfHasPermission($account, 'edit own eventinstance entity');
+        return AccessResult::allowedIfHasPermissions($account, [
+          'edit eventinstance entity',
+          'edit own eventinstance entity',
+        ], 'OR');
 
       case 'delete':
         if ($account->id() !== $entity->getOwnerId()) {
           return AccessResult::allowedIfHasPermission($account, 'delete eventinstance entity');
         }
-        return AccessResult::allowedIfHasPermission($account, 'delete own eventinstance entity');
+        return AccessResult::allowedIfHasPermissions($account, [
+          'delete eventinstance entity',
+          'delete own eventinstance entity',
+        ], 'OR');
 
       case 'clone':
         return AccessResult::allowedIfHasPermission($account, 'clone eventinstance entity');
diff --git a/src/EventSeriesAccessControlHandler.php b/src/EventSeriesAccessControlHandler.php
index b06f86d4..5ec6529a 100644
--- a/src/EventSeriesAccessControlHandler.php
+++ b/src/EventSeriesAccessControlHandler.php
@@ -33,13 +33,19 @@ class EventSeriesAccessControlHandler extends EntityAccessControlHandler {
         if ($account->id() !== $entity->getOwnerId()) {
           return AccessResult::allowedIfHasPermission($account, 'edit eventseries entity');
         }
-        return AccessResult::allowedIfHasPermission($account, 'edit own eventseries entity');
+        return AccessResult::allowedIfHasPermissions($account, [
+          'edit eventseries entity',
+          'edit own eventseries entity',
+        ], 'OR');
 
       case 'delete':
         if ($account->id() !== $entity->getOwnerId()) {
           return AccessResult::allowedIfHasPermission($account, 'delete eventseries entity');
         }
-        return AccessResult::allowedIfHasPermission($account, 'delete own eventseries entity');
+        return AccessResult::allowedIfHasPermissions($account, [
+          'delete eventseries entity',
+          'delete own eventseries entity',
+        ], 'OR');
 
       case 'clone':
         return AccessResult::allowedIfHasPermission($account, 'clone eventseries entity');
-- 
GitLab