ApiAutoSaveControllerTest::testPost should use a less power for permission than 'bypass node access'

Created on 11 July 2025, 23 days ago

Overview

Follow-up to 🐛 Pending changes leaking entities that user might have no access to Active

In \Drupal\Tests\experience_builder\Kernel\ApiAutoSaveControllerTest::testPost is given the 'bypass node access', permission to make sure they can see and edit the articles in the auto-save. But this is very powerful permission that could have side-effects

Proposed resolution

Give the user less power permission or other alter their access. We could use xb_test_access to even make a new permission

User interface changes

📌 Task

Status

Active

Version

0.0

Component

Auto-save

Created by

🇺🇸United States tedbow Ithaca, NY, USA

Live updates comments and jobs are added and updated live.

stable blocker

Comments & Activities

Issue created by @tedbow
Comment 23 days ago →
🇦🇺Australia larowlan 🇦🇺🏝.au GMT+10
tedbow → credited larowlan → .
Comment 23 days ago →
🇺🇸United States tedbow Ithaca, NY, USA
Comment 23 days ago →
🇺🇸United States tedbow Ithaca, NY, USA
Comment 11 days ago →
🇺🇸United States effulgentsia
It's good for maintainability for our test coverage to include the most useful scenarios, but I don't think this needs to block a stable release.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024