diff --git a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php
index 04412e9..d15b7f5 100644
--- a/core/lib/Drupal/Core/Entity/EntityAccessCheck.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessCheck.php
@@ -45,14 +45,14 @@ public function access(Route $route, RouteMatchInterface $route_match, AccountIn
 // Split the entity type and the operation.
 $requirement = $route->getRequirement('_entity_access');
 list($entity_type, $operation) = explode('.', $requirement);
- // If there is valid entity of the given entity type, check its access.
 $parameters = $route_match->getParameters();
- if ($parameters->has($entity_type)) {
- $entity = $parameters->get($entity_type);
- if ($entity instanceof EntityInterface) {
+ // If there is valid entity of the given entity type, check its access.
+ foreach ($route->getOption('parameters') as $name => $options) {
+ if (isset($options['type']) && $options['type'] == 'entity:' . $entity_type && ($entity = $parameters->get($name)) && $entity instanceof EntityInterface) {
 return $entity->access($operation, $account, TRUE);
 }
 }
+
 // No opinion, so other access checks should decide if access should be
 // allowed or not.
 return AccessResult::neutral();
diff --git a/core/modules/content_translation/src/Tests/ContentTranslationOperationsTest.php b/core/modules/content_translation/src/Tests/ContentTranslationOperationsTest.php
index a77c7c9..44ff2e6 100644
--- a/core/modules/content_translation/src/Tests/ContentTranslationOperationsTest.php
+++ b/core/modules/content_translation/src/Tests/ContentTranslationOperationsTest.php
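Review bot: `$route->getOption('parameters')` is iterated without a guard in the new `foreach`, and Symfony's `Route::getOption()` returns NULL when the option was never set, so a route that carries `_entity_access` but no `parameters` option would presumably raise a PHP warning here before falling through to `AccessResult::neutral()`. Defaulting the value keeps that path explicit: `foreach ($route->getOption('parameters') ?: [] as $name => $options) {`. The loop also returns on the first parameter typed `entity:<type>`, so on a route with two parameters of the same entity type only the first one declared is access-checked; if that is the intended contract, a one-line comment above the loop should say so. The type comparison could use `===` instead of `==`. The body of `access()` starts outside this hunk.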
@@ -90,6 +90,19 @@ function testOperationTranslateLink() { $this->drupalLogin($this->baseUser1); $this->drupalGet('node/' . $node->id() . '/translations'); $this->assertResponse(403); + + // Ensure that the translation overview is also not accessible when the user + // has 'access content', but the node is not published. + user_role_change_permissions( + Role::AUTHENTICATED_ID, + [ + 'create content translations' => TRUE, + 'access content' => TRUE, + ] + ); + $node->setPublished(FALSE)->save(); + $this->drupalGet('node/' . $node->id() . '/translations'); + $this->assertResponse(403); } } diff --git a/core/modules/rest/src/Tests/ResourceTest.php b/core/modules/rest/src/Tests/ResourceTest.php index f55ad54..f699a4b 100644 --- a/core/modules/rest/src/Tests/ResourceTest.php +++ b/core/modules/rest/src/Tests/ResourceTest.php @@ -6,6 +6,8 @@ */ namespace Drupal\rest\Tests; +use Drupal\Core\Session\AccountInterface; +use Drupal\user\Entity\Role; /** * Tests the structure of a REST resource. @@ -38,6 +40,10 @@ protected function setUp() { // Create an entity programmatically. $this->entity = $this->entityCreate('entity_test'); $this->entity->save(); + + Role::load(AccountInterface::ANONYMOUS_ROLE) + ->grantPermission('view test entity') + ->save(); } /** diff --git a/core/modules/system/src/Tests/Entity/EntityViewControllerTest.php b/core/modules/system/src/Tests/Entity/EntityViewControllerTest.php index a80b984..5aeef20 100644 --- a/core/modules/system/src/Tests/Entity/EntityViewControllerTest.php +++ b/core/modules/system/src/Tests/Entity/EntityViewControllerTest.php @@ -39,6 +39,7 @@ protected function setUp() { $this->entities[] = $entity_test; } + $this->drupalLogin($this->drupalCreateUser(['view test entity'])); } /** diff --git a/core/modules/views/src/Tests/Handler/FieldEntityLinkTest.php b/core/modules/views/src/Tests/Handler/FieldEntityLinkTest.php index 01a66ec..0ab8409 100644 --- a/core/modules/views/src/Tests/Handler/FieldEntityLinkTest.php 
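Review bot: In `testOperationTranslateLink()` the added `assertResponse(403)` cannot show that unpublishing the node is what denies access, because the context line just above it already asserts 403 for the same user and URL before any permission is granted. A control request between `user_role_change_permissions()` and `setPublished(FALSE)` would pin that down, for example `$this->drupalGet('node/' . $node->id() . '/translations');` followed by `$this->assertResponse(200);`, assuming those two permissions are enough to reach the overview of a published node. The hunk also uses `Role::AUTHENTICATED_ID` without adding a `use` line, so it presumably relies on an import already present in the file. The test method starts outside the hunk.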
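Review bot: The `Role::load(AccountInterface::ANONYMOUS_ROLE)->grantPermission('view test entity')` call added to `ResourceTest::setUp()` carries no comment saying why anonymous now needs the permission, and because it sits in `setUp()` every test in the class presumably runs with access granted, leaving the denied path unexercised. The same applies to the `drupalLogin()` added in `EntityViewControllerTest::setUp()` and to the grant added in `FieldEntityLinkTest::setUpFixtures()`. I would put a comment such as `// Entity routes are access checked; allow anonymous to view test entities.` above the call, and keep one request made without the permission that asserts a 403. `setUp()` continues outside the hunk.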
+++ b/core/modules/views/src/Tests/Handler/FieldEntityLinkTest.php @@ -10,6 +10,7 @@ use Drupal\Core\Session\AccountInterface; use Drupal\entity_test\Entity\EntityTest; use Drupal\simpletest\UserCreationTrait; +use Drupal\user\Entity\Role; use Drupal\views\Tests\ViewKernelTestBase; use Drupal\views\Views; @@ -51,6 +52,7 @@ protected function setUpFixtures() { $this->installEntitySchema('user'); $this->installEntitySchema('entity_test'); + $this->installConfig(['user']); // Create some test entities. for ($i = 0; $i < 5; $i++) { @@ -58,7 +60,11 @@ protected function setUpFixtures() { } // Create and admin user. - $this->adminUser = $this->createUser([], FALSE, TRUE); + $this->adminUser = $this->createUser(['view test entity'], FALSE, TRUE); + + Role::load(AccountInterface::ANONYMOUS_ROLE) + ->grantPermission('view test entity') + ->save(); } /** diff --git a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php index 0865933..287f5e6 100644 --- a/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php +++ b/core/tests/Drupal/Tests/Core/Entity/EntityAccessCheckTest.php @@ -32,7 +32,7 @@ public function testAccess() { $container->set('cache_contexts_manager', $cache_contexts_manager); \Drupal::setContainer($container); - $route = new Route('/foo', array(), array('_entity_access' => 'node.update')); + $route = new Route('/foo/{var_name}', array(), array('_entity_access' => 'node.update'), ['parameters' => ['var_name' => ['type' => 'entity:node']]]); $upcasted_arguments = new ParameterBag(); $route_match = $this->getMock('Drupal\Core\Routing\RouteMatchInterface'); $route_match->expects($this->once()) 
@@ -45,7 +45,7 @@ public function testAccess() {
 ->method('access')
 ->will($this->returnValue(AccessResult::allowed()->cachePerPermissions()));
 $access_check = new EntityAccessCheck();
- $upcasted_arguments->set('node', $node);
+ $upcasted_arguments->set('var_name', $node);
 $account = $this->getMock('Drupal\Core\Session\AccountInterface');
 $access = $access_check->access($route, $route_match, $account);
 $this->assertEquals(AccessResult::allowed()->cachePerPermissions(), $access);
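Review bot: `testAccess()` still covers only the allowed path, now with the entity stored under `var_name`; nothing asserts what `EntityAccessCheck::access()` returns when no route parameter matches. Cases worth adding are a route built without the `parameters` option, a parameter typed as a different entity type, and a parameter named `node` that has no `entity:node` type, each expected to yield `AccessResult::neutral()`. Since this check gates entity routes, the no-match result deserves the same coverage as the allowed one. The test method starts before this hunk, so the mock setup it would reuse is only partly visible here.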