Add support for 'view own unpublished entity' permission

+1 , code works, but personally I would prefer to see this per content-type like
"Group node (Article) - Entity: View own unpublished content entities"

Since the Group module now leverages the contrib Entity module and has an access control handler which supports the "View own unpublished entity" permission I think we could change this to a Feature request. Implementing this shouldn't be too much work and the added benefit is that it will work for all the content entities.

@jhedstrom I hope you are OK with me changing this report. But since the issue was a bit older I thought it would make sense to do it like this.

Merge request should be complete now. Open for any feedback/review.

Test fails because issue #3188747: EntityQueryAlterCacheabilityTest is failing on several tests in issue queue

patch #5 is not creating a permission per content type

i attach a slightly updated patch which does.

Beware that the patch file is outdated and does not use the new Entity Access handling.

The merge request contains the code you should use with the latest version of 1.3. https://git.drupalcode.org/project/group/-/merge_requests/9.patch

It would be really nice if you could test that one instead.

Hello,

I tested the patch 9 referenced in the #16 of Jaap.

With the permission "Entity: View own unpublished content item entities", I was able to restrict the access to unpublished content to the only group-level authors and the users having a role with the permission "Entity: View any unpublished content item entities".

I was able to set the permissions for every content type "installed" on the group type.

Thanks everybody for the work!

Also tested #16 and all works as expected.

Setting it to RTBC.

Maybe we should also include "View own entity" in the patch. I added it and it works out of the box.

  /**
   * {@inheritdoc}
   */
  public function getEntityViewPermission($scope = 'any') {
    if ($this->definesEntityPermissions) {
      // @todo Implement view own permission.
      if ($scope === 'any') {
        // Backwards compatible permission name for 'any' scope.
        return "view $this->pluginId entity";
      }

      if ($scope === 'own' && $this->implementsOwnerInterface) {
        return "view $scope $this->pluginId entity";
      }
    }
    return FALSE;
  }

The possibility to have a "View own entity" permission deserves its dedicated issue as:

• The use case is not exactly the same as the current issue, as the current issue is focused on unpublished state of contents.
• It could have consequences on other Group-dependent modules that should not be underestimated.
  Then, we should have further test efforts on this.

Therefore, I propose to move on with the current patch and create a dedicated issue for the "View own entity" permission detailing the use case, the motivations and

I'm attaching the merge-request patch from #9 as in case the MR gets new commits, then that link would get updated with those changes.

Testing #9 on a project where the editor creates a new node for a specific group they are a member of, but does not publish the node.

EDIT:
I missed the new permission on the Group Type which I needed to check:

- View own unpublished content item entities

This patch also works on Group 2.x but you've to apply manually.

This needs a reroll for v2/v3 as it still mentions GroupContentEnabler. I also see no label being added for the new permission.

Patch for group 2 and 3

This would work, I'm just carefully considering whether this is an API break or not.

Also:

if ($scope === 'any') {
  return "view $scope unpublished $this->pluginId entity";
}

if ($scope === 'own' && $this->implementsOwnerInterface) {
  return "view $scope unpublished $this->pluginId entity";
}

Can simply be:

if ($scope === 'any' || $this->implementsOwnerInterface) {
  return "view $scope unpublished $this->pluginId entity";
}

I don't see how this is a problem, attaching a reworked patch.

Whoops

This should fix that.

I need to learn to test locally before submitting stuff...

As this is a feature I've added it to a new minor version (3.1.0/2.1.0)