I am seeing errors caused by the core Drupal\contact\Access access check: our site uses a sitewide contact form with contact storage, but no users have personal contact forms enabled. However - because the administrator role inherits all permissions - administrators still see a tab for a non-existent contact form. If you click it, you generate an error (in the contact_storage module). Resolving that error with the patch in https://www.drupal.org/project/contact_storage/issues/3055176 causes error further down the stack:

The website encountered an unexpected error. Please try again later.</br></br><em class="placeholder">Drupal\Component\Plugin\Exception\PluginNotFoundException</em>: The &quot;entity:contact_message:personal&quot; plugin does not exist. in <em class="placeholder">Drupal\Core\Plugin\DefaultPluginManager-&gt;doGetDefinition()</em> (line <em class="placeholder">52</em> of <em class="placeholder">core/lib/Drupal/Component/Plugin/Discovery/DiscoveryTrait.php</em>). <pre class="backtrace">Drupal\Core\Plugin\DefaultPluginManager-&gt;getDefinition(&#039;entity:contact_message:personal&#039;) (Line: 287)
Drupal\Core\TypedData\TypedDataManager-&gt;getCanonicalRepresentation(Object) (Line: 138)
Drupal\Core\TypedData\Validation\RecursiveContextualValidator-&gt;validateNode(Object, NULL, 1) (Line: 99)
Drupal\Core\TypedData\Validation\RecursiveContextualValidator-&gt;validate(Object, NULL, NULL) (Line: 90)
Drupal\Core\TypedData\Validation\RecursiveValidator-&gt;validate(Object) (Line: 131)
Drupal\Core\TypedData\TypedData-&gt;validate() (Line: 488)
Drupal\Core\Entity\ContentEntityBase-&gt;validate() (Line: 192)
Drupal\Core\Entity\ContentEntityForm-&gt;validateForm(Array, Object) (Line: 194)
Drupal\contact\MessageForm-&gt;validateForm(Array, Object)
call_user_func_array(Array, Array) (Line: 82)
Drupal\Core\Form\FormValidator-&gt;executeValidateHandlers(Array, Object) (Line: 275)
Drupal\Core\Form\FormValidator-&gt;doValidateForm(Array, Object, &#039;contact_message_personal_form&#039;) (Line: 118)
Drupal\Core\Form\FormValidator-&gt;validateForm(&#039;contact_message_personal_form&#039;, Array, Object) (Line: 575)
Drupal\Core\Form\FormBuilder-&gt;processForm(&#039;contact_message_personal_form&#039;, Array, Object) (Line: 318)
Drupal\Core\Form\FormBuilder-&gt;buildForm(&#039;contact_message_personal_form&#039;, Object) (Line: 48)
Drupal\Core\Entity\EntityFormBuilder-&gt;getForm(Object) (Line: 117)
Drupal\contact\Controller\ContactController-&gt;contactPersonalPage(Object)
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber-&gt;Drupal\Core\EventSubscriber\{closure}() (Line: 582)
Drupal\Core\Render\Renderer-&gt;executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber-&gt;wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber-&gt;Drupal\Core\EventSubscriber\{closure}() (Line: 151)
Symfony\Component\HttpKernel\HttpKernel-&gt;handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel-&gt;handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session-&gt;handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle-&gt;handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache-&gt;pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache-&gt;handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware-&gt;handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware-&gt;handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel-&gt;handle(Object, 1, 1) (Line: 696)
Drupal\Core\DrupalKernel-&gt;handle(Object) (Line: 19)

The core Access seems to deliberately check for the permission (with a comment "User administrators should always have access to personal contact forms.") BEFORE it checks if the contact page is enabled. I'm not sure I understand the logic of this, as either administrators or the users themselves have decided that the users should NOT have a contact form.

Comments

MrDaleSmith created an issue. See original summary.

mrdalesmith’s picture

mrdalesmith commented
Related issues: +#3055176: Error with Drupal 8.7.0
jibran’s picture

jibran
he/him
Primary language Urdu
Location Toronto, Canada
commented
Related issues: +#3103264: Improve test coverage of ContactMessageAccessControlHandler
avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Version: 8.7.x-dev » 8.9.x-dev

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
commented
Status: Active » Closed (duplicate)
Issue tags: +Bug Smash Initiative

I think this was resolved by #602234: Don't allow admin users to access their own contact form