Access checks for denying current revision revert/delete need work

Created on 28 February 2023, almost 2 years ago
Updated 13 June 2023, over 1 year ago

Problem/Motivation

🐛 Should not be able to Revert the Current revision Fixed added access checks to disallow deleting or reverting the current revision.
However it seems the access checks aren't quite right.
The results are andIf()'d together. The truth table on AccessResultInterface::andIf() notes a Neutral and a Allowed combined to be a Neutral.
Additionally for AccessResult::forbiddenIf($entity->isLatestRevision()) when $entity->isLatestRevision() is false then forbiddenIf will return Neutral. When combined with any other previous allowed a final Neutral will be returned.

Proposed resolution

Update access checks, verify access is as expected.

Switch AccessResult::forbiddenIf($entity->isLatestRevision()) to $entity->isLatestRevision() ? AccessResult::forbidden() : AccessResult::allowed() - i.e. a hard allowed not a neutral.
I think the revert case will need a similar change.

Add tests?

📌 Task
Status

Active

Version

2.0

Component

Code

Created by

🇦🇺Australia fenstrat Australia

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024