Contrib.social

'View any unpublished content' permission is surprisingly broad

Open on Drupal.org →
Created on 15 October 2024, 4 months ago

Problem/Motivation

This issue was first discussed in a private issue on security.drupal.org. The security team agreed that it can be discussed publicly.

The content_moderation module defines the permission 'View any unpublished content'. The module does not make it clear what "content" means in this permission.

This permission applies to any content entity that implements Drupal\Core\Entity\EntityPublishedInterface. Roughly speaking, that means any entity that can be published or unpublished. This permission applies whether or not a workflow applies to the content entity, which may not be what most site administrators expect.

In Drupal core, at least the following entities implement EntityPublishedInterface: block content, menu link content, node, term, and media.

Steps to reproduce

  1. Install Drupal with the standard profile.
  2. Log in as /user/1.
  3. Create two taxonomy terms: one published, one not.
  4. Create a user with the content_editor role.
  5. In a different browser, log in as the new user.
  6. Confirm that the user can view the published term, not the unpublished one.
  7. Enable the content_moderation module.
  8. Grant the view any unpublished content permission to the content_editor role.
  9. Confirm that the user can view both the published term and the unpublished one.

Proposed resolution

To be decided.

Here are some options to consider:

  1. Add a description to the 'View any unpublished content' permission, explaining how broad the permission is. This description will appear on /admin/people/permissions and /admin/people/permissions/module/content_moderation.
  2. Add a new permission that applies only to entities managed by a workflow. Advise site owners to review whether the new permission is appropriate for their site and their users.

Remaining tasks

User interface changes

To be determined.

Introduced terminology

None

API changes

To be determined.

Data model changes

None

Release notes snippet

📌 Task
Status

Active

Version

11.0 🔥

Component

content_moderation.module

Created by

🇺🇸United States benjifisher Boston area

Live updates comments and jobs are added and updated live.
  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @benjifisher
  • Comment 4 months ago
    cilefen
  • Comment 4 months ago
    🇦🇺Australia larowlan 🇦🇺🏝.au GMT+10
  • Comment 4 months ago
    🇦🇺Australia Sam152
  • Comment 4 months ago
    🇺🇸United States benjifisher Boston area

    I am adding issue credit for the users who commented on the private issue.

    Unfortunately, the term "content" has several meanings in Drupal. Sometimes, it means "node entity". Sometimes it means "content entity". As I explained in the issue summary, it means something in between those two in the context of the 'View any unpublished content' permission.

    There are at least two places in the content_moderation module that incorrectly suggest that the permission applies only to nodes. The route provider has these lines:

            // If the entity type is a node, unpublished content will be visible
        // if the user has the "view any unpublished content" permission.
        ->setRequirement('_entity_access', "{$entity_type_id}.view")

    and content_moderation.views_execution.inc has this function:

    function content_moderation_views_query_substitutions(ViewExecutable $view) {
  $account = \Drupal::currentUser();
  return [
    '***VIEW_ANY_UNPUBLISHED_NODES***' => intval($account->hasPermission('view any unpublished content')),
  ];
}
  • Comment 4 months ago
    🇭🇺Hungary peter_serfozo
  • Comment 4 months ago
    🇺🇸United States benjifisher Boston area
  • Comment 4 months ago
    🇺🇸United States benjifisher Boston area

    I did not include it in the issue summary, but one option is to restrict the 'View any unpublished content' permission less broad. I think this option would be too disruptive. Existing users on existing sites would suddenly not be able to see unpublished entities that they currently can see.

    If we add a new permission, or one per entity type, then we have to consider how to implement that permission in views. We should also consider how it affects typical workflows with the content_moderation module.

    I am adding some work-arounds to the issue summary.

    I wonder if EntityPublishedInterface, or the base class \Drupal\Core\Entity\EditorialContentEntityBase, should add a helper method to be used in access() methods of entity classes or in implementations of hook_entity_access(). The helper method could handle metadata for caching, which is important for access control.

  • Comment 4 months ago
    🇮🇳India lavanyatalwar

    Working on it.

  • Merge request !9851#Issue-3480675. → (Open) created by lavanyatalwar
  • Pipeline finished with Failed
    4 months ago
    Total: 665s
    #311380
  • Comment 4 months ago
    🇮🇳India lavanyatalwar

    Hi @benjifisher,
    I am getting this pipeline failure for the following issue and this is not related to the changes I have made

    ---- Drupal\Tests\block\Functional\BlockTest ----
Status    Group      Filename          Line Function                            
--------------------------------------------------------------------------------
Fail      Other      phpunit-11.xml       0 Drupal\Tests\block\Functional\Block
    PHPUnit Test failed to complete; Error: PHPUnit 10.5.35 by Sebastian
    Bergmann and contributors.
    
    Runtime:       PHP 8.3.12
    Configuration: /builds/issue/drupal-3480675/core/phpunit.xml.dist
    
    ...........F..                                                    14 / 14
    (100%)
    
    HTML output was generated.
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-1-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-2-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-3-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-4-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-5-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-6-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-7-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-8-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-9-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-10-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-11-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-12-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-13-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-14-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-15-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-16-42144665.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-17-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-18-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-19-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-20-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-21-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-22-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-23-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-24-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-25-67738122.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-26-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-27-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-28-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-29-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-30-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-31-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-32-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-33-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-34-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-35-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-36-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-37-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-38-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-39-14385962.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-40-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-41-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-42-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-43-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-44-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-45-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-46-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-47-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-48-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-49-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-50-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-51-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-52-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-53-24155744.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-54-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-55-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-56-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-57-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-58-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-59-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-60-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-61-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-62-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-63-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-64-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-65-24518180.html
    http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-66-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-67-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-68-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-69-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-70-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-71-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-72-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-73-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-74-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-75-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-76-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-77-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-78-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-79-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-80-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-81-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-82-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-83-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-84-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-85-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-86-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-87-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-88-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-89-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-90-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-91-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-92-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-93-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-94-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-95-24518180.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-96-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-97-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-98-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-99-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-100-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-101-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-102-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-103-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-104-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-105-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-106-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-107-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-108-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-109-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-110-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-111-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-112-81038441.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-113-30839567.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-114-30839567.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-115-30839567.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-116-30839567.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-117-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-118-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-119-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-120-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-121-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-122-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-123-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-124-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-125-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-126-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-127-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-128-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-129-15334238.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-130-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-131-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-132-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-133-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-134-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-135-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-136-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-137-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-138-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-139-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-140-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-141-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-142-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-143-42149417.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-144-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-145-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-146-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-147-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-148-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-149-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-150-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-151-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-152-62152517.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-153-25732516.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-154-25732516.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-155-25732516.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-156-83107053.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-157-83107053.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-158-83107053.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-159-83107053.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-160-96295970.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-161-96295970.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-162-93769269.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-163-93769269.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-164-93769269.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-165-93769269.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-166-93769269.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-167-93769269.html
http://localhost/subdirectory/sites/simpletest/browser_output/Drupal_Tests_block_Functional_BlockTest-168-93769269.html
Time: 02:00.175, Memory: 8.00 MB
There was 1 failure:
1) Drupal\Tests\block\Functional\BlockTest::testBlockAccess
Behat\Mink\Exception\ResponseTextException: The text "Hello test world" was
not found anywhere in the text of the current page.
/builds/issue/drupal-3480675/vendor/behat/mink/src/WebAssert.php:907
/builds/issue/drupal-3480675/vendor/behat/mink/src/WebAssert.php:293
/builds/issue/drupal-3480675/core/tests/Drupal/Tests/WebAssert.php:979
/builds/issue/drupal-3480675/core/modules/block/tests/src/Functional/BlockTest.php:581
FAILURES!
Tests: 14, Assertions: 227, Failures: 1.
  • Comment 4 months ago
    🇮🇳India lavanyatalwar

    @benjifisher
    Also I am a newbie to drupal community and I am facing some problem understanding this task
    "Add a new permission that applies only to entities managed by a workflow. Advise site owners to review whether the new permission is appropriate for their site and their users."
    If you could help me, I would be highly obiliged.

  • Comment 4 months ago
    🇺🇸United States benjifisher Boston area

    I think this issue needs some discussion before we start implementing anything. In the issue description (IS), I wrote,

    Here are some options to consider:
    ...

    I am a newbie to drupal community ...

    Thanks for looking for ways to contribute. This issue might not be the best place to start. Have you looked for issues with the "Novice" tag? For example, I added that tag to #2630732 last week in the hope that someone would jump on it.

  • Comment 4 months ago
    🇮🇳India lavanyatalwar

    Thanks @benjifisher for your feedback.
    I'll work on the issue you mentioned asap.
    And hope the contribution done by me brings some value to your module :)

  • Comment 3 months ago
    🇳🇿New Zealand ericgsmith

    I think that the fact view any unpublished content applies to any entity is confusing - and adding help text is not going to help whenever I see this used in code or site config.

    I think the fact that content moderation module is providing a permission that applies to entity types that are not moderated is also confusing. That said, I find it useful it does this even if view any unpublished entity would be a better name.

    So big +1 to solving this by renaming or refactoring the permission.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024