diff --git a/core/modules/block_content/src/BlockContentAccessControlHandler.php b/core/modules/block_content/src/BlockContentAccessControlHandler.php
index e738b3f..8f107c2 100644
--- a/core/modules/block_content/src/BlockContentAccessControlHandler.php
+++ b/core/modules/block_content/src/BlockContentAccessControlHandler.php
@@ -19,10 +19,15 @@ class BlockContentAccessControlHandler extends EntityAccessControlHandler {
 */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
 if ($operation === 'view') {
- return AccessResult::allowedIfHasPermission($account, 'administer blocks');
- return AccessResult::allowed();
+ $result = AccessResult::allowedIfHasPermission($account, 'access content');
 }
- return parent::checkAccess($entity, $operation, $account);
+ else {
+ $result = parent::checkAccess($entity, $operation, $account);
+ }
+ if (!$result->isAllowed() && in_array($operation, ['view', 'update'], TRUE)) {
+ $result->setReason("The 'access content' permission is required for view, and 'administer blocks' permission is required for update BlockContent entity.");
+ }
+ return $result;
 }
 }
diff --git a/core/modules/block_content/tests/src/Functional/BlockContentCacheTagsTest.php b/core/modules/block_content/tests/src/Functional/BlockContentCacheTagsTest.php
index 59f111b..bf4eb00 100644
--- a/core/modules/block_content/tests/src/Functional/BlockContentCacheTagsTest.php
+++ b/core/modules/block_content/tests/src/Functional/BlockContentCacheTagsTest.php
@@ -8,6 +8,7 @@
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Language\LanguageInterface;
 use Drupal\system\Tests\Entity\EntityCacheTagsTestBase;
+use Drupal\user\Entity\Role;
 use Symfony\Component\HttpFoundation\Request;
 /**
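Review bot: In `checkAccess()` of BlockContentAccessControlHandler, `setReason()` is called on any result that is not allowed, but nothing visible in the hunk guarantees that `$result` supports it. The value returned by `parent::checkAccess()` is not shown here, and `setReason()` is declared on `AccessResultReasonInterface`, not on every access result. Guard the call with `if (!$result->isAllowed() && $result instanceof AccessResultReasonInterface && in_array($operation, ['view', 'update'], TRUE)) {` and import the interface. The same reason text is set for both operations, so a denied view response also names 'administer blocks'. One sentence per operation would be more precise, and the expected string in BlockContentResourceTestBase would then have to follow.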
@@ -25,6 +26,19 @@ class BlockContentCacheTagsTest extends EntityCacheTagsTestBase {
 /**
 * {@inheritdoc}
 */
+ protected function setUp() {
+ parent::setUp();
+
+ // Give anonymous users permission to access content, so that we can view
+ // BlockContent entity.
+ $anonymous_role = Role::load(Role::ANONYMOUS_ID);
+ $anonymous_role->grantPermission('access content');
+ $anonymous_role->save();
+ }
+
+ /**
+ * {@inheritdoc}
+ */
 protected function createEntity() {
 $block_content_type = BlockContentType::create([
 'id' => 'basic',
diff --git a/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php b/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php
index 41f26a8..6f50d83 100644
--- a/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php
+++ b/core/modules/quickedit/src/Tests/QuickEditLoadingTest.php
@@ -89,7 +89,7 @@ protected function setUp() {
 // editing
 $basic_permissions = ['access content', 'create article content', 'edit any article content', 'use text format filtered_html', 'access contextual links'];
 $this->authorUser = $this->drupalCreateUser($basic_permissions);
- $this->editorUser = $this->drupalCreateUser(array_merge($basic_permissions, ['access in-place editing']));
+ $this->editorUser = $this->drupalCreateUser(array_merge($basic_permissions, ['access in-place editing', 'access content']));
 }
 /**
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/BlockContent/BlockContentResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/BlockContent/BlockContentResourceTestBase.php
index f531c38..42d1ea2 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/BlockContent/BlockContentResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/BlockContent/BlockContentResourceTestBase.php
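Review bot: The new `setUp()` in BlockContentCacheTagsTest dereferences the result of `Role::load(Role::ANONYMOUS_ID)` without checking it. It also widens the anonymous role for every test in the class, and its comment does not say which access check makes that necessary. The identical method is added to UpdatePathRC1TestBaseFilledTest later in this patch, so the same applies there. `user_role_grant_permissions(Role::ANONYMOUS_ID, ['access content']);` does the grant in one call, and the comment could read `// Viewing a BlockContent entity requires 'access content'; grant it to anonymous.`.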
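Review bot: The `'access content'` entry added to the `array_merge()` call in QuickEditLoadingTest is redundant, because `$basic_permissions` two context lines above already starts with `'access content'`. `array_merge()` on two lists keeps both copies, so the editor user gets the same effective permissions as before and the list only gains a duplicate. Leaving the line as `array_merge($basic_permissions, ['access in-place editing'])` is enough. The body of setUp() begins outside the hunk, so anything that relies on the extra entry is not visible here.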
@@ -40,7 +40,7 @@
 * {@inheritdoc}
 */
 protected function setUpAuthorization($method) {
- $this->grantPermissionsToTestedRole(['administer blocks']);
+ $this->grantPermissionsToTestedRole(['administer blocks', 'access content']);
 }
 /**
@@ -153,4 +153,23 @@ protected function getNormalizedPostEntity() {
 ];
 }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedAccessMessage($method) {
+ if ($this->config('rest.settings')->get('bc_entity_resource_permissions')) {
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+
+ switch ($method) {
+ case 'GET':
+ case 'PATCH':
+ return "The 'access content' permission is required for view, and 'administer blocks' permission is required for update BlockContent entity.";
+
+ default:
+ return parent::getExpectedUnauthorizedAccessMessage($method);
+ }
+ }
+
 }
diff --git a/core/modules/system/src/Tests/Update/UpdatePathRC1TestBaseFilledTest.php b/core/modules/system/src/Tests/Update/UpdatePathRC1TestBaseFilledTest.php
index 9ee6d0c..0e0ab15 100644
--- a/core/modules/system/src/Tests/Update/UpdatePathRC1TestBaseFilledTest.php
+++ b/core/modules/system/src/Tests/Update/UpdatePathRC1TestBaseFilledTest.php
@@ -4,6 +4,7 @@
 use Drupal\node\Entity\Node;
 use Drupal\node\Entity\NodeType;
+use Drupal\user\Entity\Role;
 use Drupal\user\Entity\User;
 /**
@@ -16,6 +17,19 @@ class UpdatePathRC1TestBaseFilledTest extends UpdatePathRC1TestBaseTest {
 /**
 * {@inheritdoc}
 */
+ protected function setUp() {
+ parent::setUp();
+
+ // Give anonymous users permission to access content, so that we can view
+ // BlockContent entity.
+ $anonymous_role = Role::load(Role::ANONYMOUS_ID);
+ $anonymous_role->grantPermission('access content');
+ $anonymous_role->save();
+ }
+
+ /**
+ * {@inheritdoc}
+ */
 protected function setDatabaseDumpFiles() {
 parent::setDatabaseDumpFiles();
 $this->databaseDumpFiles[0] = __DIR__ . '/../../../tests/fixtures/update/drupal-8-rc1.filled.standard.php.gz';
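Review bot: `setUpAuthorization($method)` in BlockContentResourceTestBase grants both permissions whatever `$method` is, so the GET test cannot show that 'access content' alone is sufficient to view. An account holding only one of the two permissions is never exercised, which leaves the boundary between the view and update rules untested. Granting per method keeps the test aligned with the access rule it covers, for example `$this->grantPermissionsToTestedRole($method === 'GET' ? ['access content'] : ['administer blocks']);`. If PATCH turns out to need view access as well, grant both only in that case and say so in a comment.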