if ($account->id() == $entity->getOwnerId()) {
        $permissions = [
          "$operation own {$entity->getEntityTypeId()}",
          "$operation any {$entity->getEntityTypeId()}",
          "$operation own {$entity->bundle()} {$entity->getEntityTypeId()}",
          "$operation any {$entity->bundle()} {$entity->getEntityTypeId()}",
        ];
      }
      else {
        $permissions = [
          "$operation any {$entity->getEntityTypeId()}",
          "$operation any {$entity->bundle()} {$entity->getEntityTypeId()}",
        ];
      }

      $result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');

Looks like a pure omission. This code checks the owner ID, but doesn't add ->cachePerUser() to the result, even though it must.

Comments

bojanz created an issue. See original summary.

  • bojanz committed d52e8e6 on 8.x-1.x 
    Issue #2977224: EntityAccessControlHandler::checkEntityOwnerPermissions...
bojanz’s picture

bojanz commented
Status: Active » Fixed

Fixed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.