Some sites have different node access results because we removed the last "hook_node_grants" implementation

Patch in #2 is trying to create a tests folder outside of the web folder, see screenshot. I re-rolled the patch without the wandering test files.

Must be something funky in my environment. If I apply the patch in #2 to the 1.0 release, the two new Kernel tests are placed outside of the web folder. But downloading the latest dev release has them in the correct folder under the group module folder.

Patch #2 works for me locally, but when I deploy to my dev environment, I get a WSOD:
"Fatal error: Cannot declare class Drupal\group_test_plugin\Entity\EntityTestWithOwner, because the name is already in use in /app/web/modules/contrib/group/src/Entity/EntityTestWithOwner.php on line 35"

Group 1.0.0
Drupal 8.9.2

Ideas?

Applying the patch at #2 to Group 1.0.0 via composer-patches fails. Doing so creates a directory "b" in the root of the group module directory and appears to misplace other items. The patch will apply manually with git apply from the module root, albeit adding trailing whitespace errors on 4 lines.

Continuing from #3159755: The new entity access in 1.0.0 breaks node_access checking:
On my local dev, after composer-updating from 1.0-rc5 to 1.0.0, applying the patch (via git as above) and running the db updates, I still get the same results. Nodes that were restricted are now public.

Attempting to replicate on simplytest.me:
Install with group 8.x-1.0.0 and the patch at
https://www.drupal.org/files/issues/2020-07-20/group-3160329-2.patch

Installation fails, with the patch failing to apply, and the error noted at comment #8 when enabling modules.

- Installing drupal/group (1.0.0):
Downloading
(100%)
- Applying patches for drupal/group https://www.drupal.org/files/issues/2020-07-20/group-3160329-2.patch (STM patch 1595544606)
Could not apply patch! Skipping. The error was: Cannot apply patch https://www.drupal.org/files/issues/2020-07-20/group-3160329-2.patch

[...]

5f1a14409eeab6056834d536# /bin/sh -c drush -r "${DOCROOT}" en group -y
The following module(s) will be enabled: group, entity, variationcache
// Do you want to continue?: yes.
Fatal error: Cannot declare class Drupal\group_test_plugin\Entity\EntityTestWithOwner, because the name is already in use in /var/www/html.original/modules/contrib/group/src/Entity/EntityTestWithOwner.php on line 35
[warning] Drush command terminated abnormally. Check for an exit() in your Drupal site.
Command Failed (Tugboat Error 1064): Exit code (255)

Thanks. Dev version works as expected on simplytest.me. Grouped pages are restricted by group access for entity view and views query. I will see if I can successfully upgrade from 1.0-rc5 to dev ;-)

Will you push a 1.1 release soon? Seems like this is a fairly nasty bug that will hit site builders who upgrade production without testing, expecting that a release candidate to 1.0 update should not introduce major changes and a new dependency.

Hmm ... but if I upgrade my site from rc5 to 1.x-dev:

• Entity view access works as expected, grouped nodes are inaccessible at /node/xxx if the user does not have appropriate group permissions.
• But query-level access is not working - the same grouped node's fields are visible in content views for that user.

Investigating ... (later) ... I can't reproduce the above when upgrading a clean install from 1.0-rc5 to 1.x-dev. Rats. I'll continue to investigate why my existing site might be problematic to upgrade and report back here. Does anyone else have the same problem?

Edit: started a new issue to deal with that: #3161490: Views node query access restrictions differ after upgrade from rc5 to 1.1

Unpublishing as this is a security issue (https://security.drupal.org/node/173176)