diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php
index 50d4757..1ac94bd 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php
@@ -39,12 +39,10 @@
 protected function setUpAuthorization($method) {
 switch ($method) {
 case 'GET':
- $this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
- break;
 case 'POST':
 case 'PATCH':
 case 'DELETE':
- $this->grantPermissionsToTestedRole(['administer shortcuts']);
+ $this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
 break;
 }
 }
@@ -148,10 +146,13 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
 
 switch ($method) {
 case 'GET':
+ return "The 'access shortcuts' AND 'customize shortcut links' permissions is required to view this shortcut entity of bundle default.";
 case 'POST':
+ return "The 'access shortcuts' AND 'customize shortcut links' permissions is required to create this shortcut entity of bundle default.";
 case 'PATCH':
+ return "The 'access shortcuts' AND 'customize shortcut links' permissions is required to update this shortcut entity of bundle default.";
 case 'DELETE':
- return "The 'access shortcuts, customize shortcut links' permissions is required.";
+ return "The 'access shortcuts' AND 'customize shortcut links' permissions is required to delete this shortcut entity of bundle default.";
 default:
 return parent::getExpectedUnauthorizedAccessMessage($method);
 }
diff --git a/core/modules/shortcut/shortcut.module b/core/modules/shortcut/shortcut.module
index 037feca..156b491 100644
--- a/core/modules/shortcut/shortcut.module
+++ b/core/modules/shortcut/shortcut.module
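Review bot: The four strings added to getExpectedUnauthorizedAccessMessage() in ShortcutResourceTestBase.php read "permissions is required", and they mirror the reason text this patch builds in ShortcutAccessControlHandler::checkAccess() and checkCreateAccess(), so the grammar slip presumably reaches the error body that REST clients see. Changing the wording to `permissions are required to %s this shortcut entity of bundle %s.` in the handler, and updating these four returns in the same commit, would fix it. The expectations also hard-code `bundle default`; a short comment such as `// The tested shortcut lives in the 'default' shortcut set.` would explain where that value comes from, assuming the fixture (not visible in this hunk) does use that set.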
@@ -65,10 +65,7 @@ function shortcut_set_edit_access(ShortcutSetInterface $shortcut_set = NULL) {
 // Sufficiently-privileged users can edit their currently displayed shortcut
 // set, but not other sets. They must also be able to access shortcuts.
 $may_edit_current_shortcut_set = $account->hasPermission('customize shortcut links') && (!isset($shortcut_set) || $shortcut_set == shortcut_current_displayed_set()) && $account->hasPermission('access shortcuts');
- if (!$may_edit_current_shortcut_set) {
- return AccessResult::neutral("The 'access shortcuts, customize shortcut links' permissions is required.")->cachePerPermissions();
- }
- return AccessResult::allowed()->cachePerPermissions();
+ return AccessResult::allowedIf($may_edit_current_shortcut_set)->cachePerPermissions();
 }
 
 /**
diff --git a/core/modules/shortcut/shortcut.routing.yml b/core/modules/shortcut/shortcut.routing.yml
index 1133357..333a4c7 100644
--- a/core/modules/shortcut/shortcut.routing.yml
+++ b/core/modules/shortcut/shortcut.routing.yml
@@ -58,9 +58,9 @@ entity.shortcut.canonical:
 path: '/admin/config/user-interface/shortcut/link/{shortcut}'
 defaults:
 _entity_form: 'shortcut.default'
- _title: 'Edit'
+ _title: 'View'
 requirements:
- _entity_access: 'shortcut.update'
+ _entity_access: 'shortcut.view'
 shortcut: \d+
 
 entity.shortcut.edit_form:
diff --git a/core/modules/shortcut/src/ShortcutAccessControlHandler.php b/core/modules/shortcut/src/ShortcutAccessControlHandler.php
index 3fe2734..c75b3e1 100644
--- a/core/modules/shortcut/src/ShortcutAccessControlHandler.php
+++ b/core/modules/shortcut/src/ShortcutAccessControlHandler.php
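Review bot: The result returned by the new `AccessResult::allowedIf($may_edit_current_shortcut_set)->cachePerPermissions()` line in shortcut_set_edit_access() is declared to vary by permissions only, yet `$may_edit_current_shortcut_set` also depends on `$shortcut_set == shortcut_current_displayed_set()`. If the displayed set can differ between two users who hold the same permissions (shortcut_current_displayed_set() is defined outside this hunk, so this is inferred), a decision cached for one of them could be served to the other. Consider `->cachePerPermissions()->cachePerUser()` when a set is passed, or a comment stating why per-permission caching is sufficient here. The function body starts above the hunk.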
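Review bot: `entity.shortcut.canonical` still serves `_entity_form: 'shortcut.default'`, but this hunk in shortcut.routing.yml relaxes its guard from `_entity_access: 'shortcut.update'` to `'shortcut.view'`. In this patch ShortcutAccessControlHandler::checkAccess() decides every operation through the same shortcut_set_edit_access() call, so the two are equivalent today; if view access is ever loosened, the form at this path becomes reachable with view-only access. Either keep `_entity_access: 'shortcut.update'` for as long as the route renders the form, or add a comment above the requirement such as `# Renders the entity form; 'view' is only safe while view and update access are identical.` The new `_title: 'View'` also no longer describes what the route shows.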
@@ -52,7 +52,12 @@ public static function createInstance(ContainerInterface $container, EntityTypeI
 */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
 if ($shortcut_set = $this->shortcutSetStorage->load($entity->bundle())) {
- return shortcut_set_edit_access($shortcut_set, $account);
+ $access = shortcut_set_edit_access($shortcut_set, $account);
+ if ($access->isNeutral()) {
+ $message = sprintf("The 'access shortcuts' AND 'customize shortcut links' permissions is required to %s this shortcut entity of bundle %s.", $operation, $entity->bundle());
+ $access = AccessResult::neutral($message)->cachePerPermissions()->addCacheableDependency($shortcut_set);
+ }
+ return $access;
 }
 // @todo Fix this bizarre code: how can a shortcut exist without a shortcut
 // set? The above if-test is unnecessary. See https://www.drupal.org/node/2339903.
@@ -64,7 +69,11 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
 */
 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
 if ($shortcut_set = $this->shortcutSetStorage->load($entity_bundle)) {
- return shortcut_set_edit_access($shortcut_set, $account);
+ $access = shortcut_set_edit_access($shortcut_set, $account);
+ if ($access->isNeutral()) {
+ $access = AccessResult::neutral("The 'access shortcuts' AND 'customize shortcut links' permissions is required to create this shortcut entity of bundle $entity_bundle.")->cachePerPermissions()->addCacheableDependency($shortcut_set);
+ }
+ return $access;
 }
 // @todo Fix this bizarre code: how can a shortcut exist without a shortcut
 // set? The above if-test is unnecessary. See https://www.drupal.org/node/2339903.
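Review bot: The added `shortcut_set_edit_access($shortcut_set, $account)` call in checkAccess() passes `$account`, but the signature shown in this patch's shortcut.module hunk header is `shortcut_set_edit_access(ShortcutSetInterface $shortcut_set = NULL)`. The second argument therefore appears to be ignored, and the decision is made for whatever `$account` that function resolves itself (its opening lines are outside the visible hunk). An access check requested on behalf of an account other than the current user would then return the current user's result; the same call is added in the checkCreateAccess() hunk. Suggest extending the helper to `function shortcut_set_edit_access(ShortcutSetInterface $shortcut_set = NULL, AccountInterface $account = NULL)` and falling back to the current user only when `$account` is NULL.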
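Review bot: The neutral reason built in checkCreateAccess() (and by the `sprintf()` in the checkAccess() hunk) states that the two permissions are required, but per the shortcut.module hunk the helper is also not-allowed when the account holds both permissions and `$shortcut_set` is not the currently displayed set. A client receiving this text is then pointed at the wrong cause; wording such as `... permissions are required, and the shortcut set must be the one currently displayed for the user.` covers both paths. Replacing `$access` with a fresh `AccessResult::neutral(...)` also discards any cacheability the helper attached beyond `cachePerPermissions()`; appending `->addCacheableDependency($access)` keeps it.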