ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entities

diff --git a/src/EntityHandlers/ContentCreatorVisibleXbConfigEntityAccessControlHandler.php b/src/EntityHandlers/ContentCreatorVisibleXbConfigEntityAccessControlHandler.php index a1bb474b6..ed89c4324 100644 --- a/src/EntityHandlers/ContentCreatorVisibleXbConfigEntityAccessControlHandler.php +++ b/src/EntityHandlers/ContentCreatorVisibleXbConfigEntityAccessControlHandler.php @@ -6,6 +6,7 @@ namespace Drupal\experience_builder\EntityHandlers; use Drupal\Core\Access\AccessResult; use Drupal\Core\Access\AccessResultInterface; +use Drupal\Core\Config\Entity\ConfigEntityInterface; use Drupal\Core\Entity\EntityHandlerInterface; use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Session\AccountInterface; @@ -15,10 +16,10 @@ final class ContentCreatorVisibleXbConfigEntityAccessControlHandler extends XbCo /** * {@inheritdoc} */ - protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface { + protected function checkAccess(ConfigEntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface { return match($operation) { // We always allow viewing these entities. - 'view' => AccessResult::allowed(), + 'view' => AccessResult::allowedIf($entity->status()), default => parent::checkAccess($entity, $operation, $account), }; } diff --git a/src/EntityHandlers/XbConfigEntityAccessControlHandler.php b/src/EntityHandlers/XbConfigEntityAccessControlHandler.php index f588d457d..828aaee88 100644 --- a/src/EntityHandlers/XbConfigEntityAccessControlHandler.php +++ b/src/EntityHandlers/XbConfigEntityAccessControlHandler.php @@ -7,6 +7,7 @@ namespace Drupal\experience_builder\EntityHandlers; use Drupal\Core\Access\AccessResult; use Drupal\Core\Access\AccessResultInterface; use Drupal\Core\Config\ConfigManagerInterface; +use Drupal\Core\Config\Entity\ConfigEntityInterface; use Drupal\Core\Entity\EntityAccessControlHandler; use Drupal\Core\Entity\EntityHandlerInterface; use Drupal\Core\Entity\EntityInterface; @@ -34,7 +35,7 @@ class XbConfigEntityAccessControlHandler extends EntityAccessControlHandler impl /** * {@inheritdoc} */ - protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface { + protected function checkAccess(ConfigEntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface { $adminPermission = $this->entityType->getAdminPermission(); assert(is_string($adminPermission)); return match($operation) {

Comments & Activities

Issue created by @wim leers
Comment 4 days ago →
🇪🇸Spain penyaskito Seville 💃, Spain 🇪🇸, UTC+2 🇪🇺
wim leers → credited penyaskito → .
Comment 4 days ago →
🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
Tests still needed.
Merge request !918#3519878: ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entities → (Open) created by penyaskito
Pipeline finished with Failed
4 days ago
Total: 1586s
#476762
Pipeline finished with Failed
4 days ago
Total: 1672s
#476826
Pipeline finished with Failed
4 days ago
Total: 1708s
#476836

Comment 4 days ago →

🇪🇸Spain penyaskito Seville 💃, Spain 🇪🇸, UTC+2 🇪🇺

This has new tests, removes xb_visible_when_disabled, and behaves the same way as HEAD.
The only issue is that JavaScriptComponent is singled-out:

    $require_status_true = match ($xb_config_entity_type->getHandlerClass('access')) {
      ContentCreatorVisibleXbConfigEntityAccessControlHandler::class => FALSE,
      XbConfigEntityAccessControlHandler::class => ($xb_config_entity_type->id() !== JavaScriptComponent::ENTITY_TYPE_ID),
      default => throw new \LogicException(),
    };

This means that Pattern probably should have had the xb_visible_when_disabled flag too.
NR for confirmation.

Pipeline finished with Success
4 days ago
Total: 3309s
#476881

ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entities

Overview

Proposed resolution

User interface changes

Merge Requests

!918ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entities
Open

Comments & Activities

ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entities

Overview

Proposed resolution

User interface changes

Merge Requests

!918ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entitiesOpen

Comments & Activities

!918ContentCreatorVisibleXbConfigEntityAccessControlHandler's `view` access must refuse access to disabled config entities
Open