Error: Call to a member function isAllowed() on bool

Problem

When I try to use Views Bulk Operations with my custom actions to publish or unpublish content, I receive the following error:

An AJAX HTTP error occurred.
HTTP Result Code: 200
Debugging information follows.
Path: /batch?id=8076&op=do_nojs&op=do
StatusText: OK
ResponseText: Error: Call to a member function isAllowed() on bool in Drupal\views_bulk_operations\Service\ViewsBulkOperationsActionProcessor->process() (line 461 of /app/web/modules/contrib/views_bulk_operations/src/Service/ViewsBulkOperationsActionProcessor.php).

This used to work without error with v4.1.0, but after upgrading the module to v4.1.2 I get the error above.

Steps to reproduce

- Enable VBO v4.1.1+ and the content moderation module.
- Define node states such as draft, review, published, and unpublished and related workflows.
- Create a custom publish action following the documentation → with an access function like:

  public function access($object, AccountInterface $account = NULL, $return_as_object = FALSE) {
    if ($object->getEntityType() === 'node') {
      $access = $object->access('update', $account, TRUE)
        ->andIf($object->status->access('edit', $account, TRUE));
      return $return_as_object ? $access : $access->isAllowed();
    }

    // Other entity types may have different
    // access methods and properties.
    return TRUE;
  }

- Configure VBO on a content view with your custom publish action.
- Attempt to use VBO on the content view to publish an unpublished content node and note resulting error.

Proposed resolution

I believe this issue was introduced with Issue #3246212 → .

The problem is a result of the change to the ViewsBulkOperationsActionProcessor.php process() function on line 461. It now assumes that all access() functions will return an object with an isAllowed() member. However, the example access() function from the documentation has a default/fallback condition at the end of the function where it simply returns a boolean TRUE. (Resulting in the "Call to a member function isAllowed() on bool" error that I'm experiencing.)

It's unclear to me whether the best/desired fix is to ensure that our custom access() functions always return an object or modify process() such that it doesn't error if access() returns a boolean.

Remaining tasks

Additionally, I uncovered several other underlying problems with the example access() code in the documentation → . This code appears to be for an earlier version of Drupal and the entity API has since changed:

- $object->getEntityType() should be changed to $object->getEntityTypeId()
- $object->status->access('edit', $account, TRUE) should be changed to $object->access('edit', $account, TRUE)

The example code in the documentation needs to be updated to reflect these changes because right now it's not actually doing any access checks and simply defaulting to granting access.