diff --git a/core/modules/node/src/NodeAccessControlHandler.php b/core/modules/node/src/NodeAccessControlHandler.php index 1565468..6475f9b 100644 --- a/core/modules/node/src/NodeAccessControlHandler.php +++ b/core/modules/node/src/NodeAccessControlHandler.php @@ -110,20 +110,7 @@ protected function checkAccess(EntityInterface $node, $operation, $langcode, Acc } // Evaluate node_access table records created by hook_node_grants(). - $access = $this->grantStorage->access($node, $operation, $langcode, $account); - // Avoid executing the fallback check if the grant storage returns allowed. - if ($access->isAllowed()) { - return $access; - } - - // If no modules implement hook_node_grants() and return allowed, the - // default behavior is to allow all users to view published nodes, so - // reflect that here. - if ($operation === 'view') { - $access = $access->orIf(AccessResult::allowedIf($status)->cacheUntilEntityChanges($node)); - } - - return $access; + return $this->grantStorage->access($node, $operation, $langcode, $account); } /** diff --git a/core/modules/node/src/NodeGrantDatabaseStorage.php b/core/modules/node/src/NodeGrantDatabaseStorage.php index 055c77e..a44f855 100644 --- a/core/modules/node/src/NodeGrantDatabaseStorage.php +++ b/core/modules/node/src/NodeGrantDatabaseStorage.php @@ -69,8 +69,14 @@ public function access(NodeInterface $node, $operation, $langcode, AccountInterf // If no module implements the hook or the node does not have an id there is // no point in querying the database for access grants. if (!$this->moduleHandler->getImplementations('node_grants') || !$node->id()) { - // No opinion. - return AccessResult::neutral(); + // Return the equivalent of the fallback grant: allow to view if node is + // published. + if ($operation === 'view') { + return AccessResult::allowedIf($node->getTranslation($langcode)->isPublished())->cacheUntilEntityChanges($node); + } + else { + return AccessResult::neutral(); + } } // Check the database for potential access grants. diff --git a/core/modules/node/src/NodeGrantDatabaseStorageInterface.php b/core/modules/node/src/NodeGrantDatabaseStorageInterface.php index e865387..e2f132d 100644 --- a/core/modules/node/src/NodeGrantDatabaseStorageInterface.php +++ b/core/modules/node/src/NodeGrantDatabaseStorageInterface.php @@ -106,7 +106,7 @@ public function writeDefault(); * The user for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface - * The access result. + * The access result, either allowed or neutral. */ public function access(NodeInterface $node, $operation, $langcode, AccountInterface $account); diff --git a/core/modules/node/src/Tests/Views/BulkFormAccessTest.php b/core/modules/node/src/Tests/Views/BulkFormAccessTest.php index 027a66f..f98178e 100644 --- a/core/modules/node/src/Tests/Views/BulkFormAccessTest.php +++ b/core/modules/node/src/Tests/Views/BulkFormAccessTest.php @@ -103,17 +103,16 @@ public function testNodeEditAccess() { $node = Node::load($node->id()); $this->assertTrue($node->isPublished(), 'The node is still published.'); - // Create an account that may view the private node, but can update the - // status. + // Create an account that may edit the private node. $account = $this->drupalCreateUser(array('administer nodes', 'edit any article content', 'node test view')); $this->drupalLogin($account); // Ensure the node is published. $this->assertTrue($node->isPublished(), 'Node is initially published.'); - // Ensure that the private node can not be edited. - $this->assertEqual(FALSE, $node->access('update', $account), 'The node may not be edited.'); - $this->assertEqual(TRUE, $node->status->access('edit', $account), 'The node status can be edited.'); + // Ensure that the private node can be edited. + $this->assertTrue($node->access('update', $account), 'The node may be edited.'); + $this->assertTrue($node->status->access('edit', $account), 'The node status can be edited.'); // Test editing the node using the bulk form. $edit = array(