diff --git a/core/modules/content_moderation/src/Access/LatestRevisionCheck.php b/core/modules/content_moderation/src/Access/LatestRevisionCheck.php index b5dcdeb..61ccff2 100644 --- a/core/modules/content_moderation/src/Access/LatestRevisionCheck.php +++ b/core/modules/content_moderation/src/Access/LatestRevisionCheck.php @@ -56,8 +56,8 @@ public function access(Route $route, RouteMatchInterface $route_match, AccountIn $entity = $this->loadEntity($route, $route_match); if ($this->moderationInfo->hasForwardRevision($entity)) { return AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view any unpublished content']) - ->orIf(AccessResult::allowedIfHasPermission($account, 'view own unpublished content') - ->allowedIf($entity instanceof EntityOwnerInterface && $entity->getOwnerId() == $account->id()) + ->orIf(AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view own unpublished content']) + ->andif(AccessResult::allowedIf($entity instanceof EntityOwnerInterface && $entity->getOwnerId() == $account->id())) )->addCacheableDependency($entity); } diff --git a/core/modules/content_moderation/tests/src/Unit/LatestRevisionCheckTest.php b/core/modules/content_moderation/tests/src/Unit/LatestRevisionCheckTest.php index 3386e9c..50e0ac7 100644 --- a/core/modules/content_moderation/tests/src/Unit/LatestRevisionCheckTest.php +++ b/core/modules/content_moderation/tests/src/Unit/LatestRevisionCheckTest.php @@ -105,10 +105,20 @@ public function testLatestAccessPermissions($entity_class, $entity_type, $has_fo */ public function accessSituationProvider() { return [ + // Node with global permissions and latest version. [Node::class, 'node', TRUE, ['view latest version', 'view any unpublished content'], FALSE, AccessResultAllowed::class], + // Node with global permissions and no latest version. [Node::class, 'node', FALSE, ['view latest version', 'view any unpublished content'], FALSE, AccessResultForbidden::class], + // Node with own content permissions and latest version. [Node::class, 'node', TRUE, ['view latest version', 'view own unpublished content'], TRUE, AccessResultAllowed::class], + // Node with own content permissions and no latest version. [Node::class, 'node', TRUE, ['view latest version', 'view own unpublished content'], FALSE, AccessResultNeutral::class], + // Node with own content permissions and latest version, but no perms to + // view latest version. + [Node::class, 'node', TRUE, ['view own unpublished content'], TRUE, AccessResultNeutral::class], + // Node with own content permissions and no latest version, but no perms + // to view latest version. + [Node::class, 'node', TRUE, ['view own unpublished content'], FALSE, AccessResultNeutral::class], [BlockContent::class, 'block_content', TRUE, ['view latest version', 'view any unpublished content'], FALSE, AccessResultAllowed::class], [BlockContent::class, 'block_content', FALSE, ['view latest version', 'view any unpublished content'], FALSE, AccessResultForbidden::class], [BlockContent::class, 'block_content', TRUE, ['view latest version', 'view own unpublished content'], FALSE, AccessResultNeutral::class],