Getting 'access denied' after updating to 7.x-3.25

What access control is set on the views?

FWIW I'm not seeing this. Anonymous can see views with access "permission/view published content." Views with access:role appear to be visible only by users with those roles. Just spot checks, but no problems evident.

Are you using Admin Views?

Hello, got the same problem after update Views to 7.x - 3.25 version.
My landing page has more than 2 views for a small bunch of site users roles (access settings "Role/Multiple Roles").
Have Administration Views installed also (7.x - 1.8).

@sdudnik: Does the page that doesn't work correctly use the "System" display?

@damienmckenna
no

Calendar on first page
Display: Page
In database
Type: Content

@La558 and @sdudnik: What releases of PHP are you using?

@damienmckenna
PHP 7.1.26

I'm having the same issue after upgrading to 7.35.

Using Access: Roles: multiple roles returns "Access Denied"

However, I have a few displays that are very similar that are still working.

The only thing I can see that is different is the ones that don't work are using contextual filters to provide the url. ie, https://example.com/store/dept/%

The working ones have hardcoded paths, ie: https://example.com/store/dept/closeouts

Php: 7.4.18
Drupal: 7.82

I'm having same issue here.

- Two views for landing page, oppositely setted access by roles.
- Admin Views: not used
- "System" display: no.
- PHP: 7.4.25
- Drupal 7.82

I'm facing a similar issue after upgrade from 7.x-3.24 to 7.x-3.25 (Drupal 7.82, PHP 7.4.26).
I have a view with two page displays, same path but access by different roles.
After upgrade, only the last display works as before, respecting roles.

Example:

Display 1:
path: /articles
roles: editor

Display 2:
path: /articles
roles: admin, reviewer

Users with role admin or reviewer can access display 2 using path /articles, editors get always 'Access denied'.
Changing display order, editors can access but the others get an 'Access denied'.

Has anyone tried out the latest dev release to see if the problem is resolved?

Once we work out the cause of the problem, let's add test coverage to make sure it isn't broken again.

I tried version 7.x-3.27 but issue is still present.
After a bit of debugging seems that this issue is caused by
https://git.drupalcode.org/project/views/-/commit/9ce55e9641fb6cc99214bf...
rolling back this commit views work as before.
The issue related to this commit is https://www.drupal.org/project/views/issues/1771140 but i don't get any php warning mentioned there.

This problem is only happening when two page displays are on the same URL with different access permissions for different user roles. The view only respects access permissions from the page display whichever comes first.
Before this issue gets fixed, instead of using page displays in the view, we can use block displays. For this you can just create an empty page display and provide an access to all user roles, then clone page display as block, use general page display URL to display the blocks and configure block display access permissions per user role.

With multiple block displays and single page display we can achieve identical results, while using the same URL.

One more change you might need to apply to your block display is to turn on ajax if you are using exposed filters with your page view in block displays as the block display doesn't allow exposed filters unless ajax is turned on.

Hope it helps.