Flag permissions have no effect

It looks like the access condition in the UserFlagType class needs either the parent access result, OR the own/other profile permission.

In this configuration, unless im missing something, the parent::actionAccess will return Allowed and the 'own' items result will be neutra, even though the user actually doesn't have the permission.

$access = parent::actionAccess($action, $flag, $account, $flaggable);

    if ($flaggable && $this->hasExtraPermission('owner')) {
      // Permit selfies.
      $permission = $action . ' ' . $flag->id() . ' own user account';
      $selfies_permission_access = AccessResult::allowedIfHasPermission($account, $permission)
        ->addCacheContexts(['user']);
      $account_match_access = AccessResult::allowedIf($account->id() == $flaggable->id());
      $own_access = $selfies_permission_access->andIf($account_match_access);
      $access = $access->orIf($own_access);

Not convinced that push is the way to go on this to be honest, but it does resolve this issue (unsure of any consequences)

1. With own account flag permission off = no access to own account flag
2. With own account flag permission on = access to own account flag
3. With other accounts flag permission on = access to other account flags
4. With other accounts flag permission off = no access to other account flags

aaron.ferris → closed merge request !62

I'm experiencing this issue, and when creating a new (global) flag and trying to set the permissions for it the site throws a WSOD on saving the permissions with error:

RuntimeException: Adding non-existent permissions to a role is not allowed. The incorrect permissions are "flag tec_draft_order_excel_lover", "unflag ***". in Drupal\user\Entity\Role->calculateDependencies() (line 207 of /var/www/***/core/modules/user/src/Entity/Role.php).

I can't make new flags available anymore to any users, only UID1 is able to see and use flags.