Default permissions built in EntityBasePermissions don't seem to be honored

[heddn]

I'm not sure if this is related to #44 & #56, but when I attempt to create an entity instance for anyone but an admin user who has the admin_permission, I get access denied. Or it could be related to a misconfiguration of things, but from looking at the code, I don't think that is it.

[heddn]

Going to save some notes for the night and come back tomorrow:

  diff --git a/modules/contrib/content_entity_base/src/Entity/Access/EntityBaseAccessControlHandler.php b/modules/contrib/content_entity_base/src/Entity/Access/EntityBaseAccessCont
  index 1824466..a7703d8 100644
  --- a/modules/contrib/content_entity_base/src/Entity/Access/EntityBaseAccessControlHandler.php
  +++ b/modules/contrib/content_entity_base/src/Entity/Access/EntityBaseAccessControlHandler.php
  @@ -23,10 +23,27 @@ class EntityBaseAccessControlHandler extends EntityAccessControlHandler {
     protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
       $access = parent::checkAccess($entity, $operation, $account);

  -    if ($operation === 'view') {
  +    if ($operation == 'view') {
         $access = $access->orIf(AccessResult::allowedIfHasPermission($account, 'access ' . $entity->getEntityTypeId()));
       }
  +
       return $access;
     }

  +
  +  /**
  +   * {@inheritdoc}
  +   */
  +  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
  +    $access = parent::checkCreateAccess($account, $context, $entity_bundle);
  +    $entity_type_id = $this->entityTypeId;
  +    if (!$entity_bundle) {
  +      $access = $access->orIf(AccessResult::allowedIf($account->hasPermission("access $entity_type_id overview")))->cachePerPermissions();
  +    }
  +    else {
  +      $access = $access->orIf(AccessResult::allowedIf($account->hasPermission("create $entity_bundle $entity_type_id")))->cachePerPermissions();
  +    }
  +
  +    return $access;
  +  }
   }
  diff --git a/modules/contrib/entity/src/Controller/EntityCreateController.php b/modules/contrib/entity/src/Controller/EntityCreateController.php
  index bece86b..1045336 100644
  --- a/modules/contrib/entity/src/Controller/EntityCreateController.php
  +++ b/modules/contrib/entity/src/Controller/EntityCreateController.php
  @@ -86,7 +86,7 @@ public function addPage($entity_type_id, Request $request) {
       ];
       $bundles = $this->entityTypeBundleInfo->getBundleInfo($entity_type_id);
       // Filter out the bundles the user doesn't have access to.
  -    $access_control_handler = $this->entityTypeManager()->getAccessControlHandler($bundle_type);
  +    $access_control_handler = $this->entityTypeManager()->getAccessControlHandler($entity_type_id);
       foreach ($bundles as $bundle_name => $bundle_info) {
         $access = $access_control_handler->createAccess($bundle_name, NULL, [], TRUE);
         if (!$access->isAllowed()) {
  diff --git a/modules/custom/nica_entity/src/Entity/Routing/CrudUiRouteProvider.php b/modules/custom/nica_entity/src/Entity/Routing/CrudUiRouteProvider.php
  index daed182..c236f76 100644
  --- a/modules/custom/nica_entity/src/Entity/Routing/CrudUiRouteProvider.php
  +++ b/modules/custom/nica_entity/src/Entity/Routing/CrudUiRouteProvider.php
  @@ -59,6 +59,7 @@ protected function addPageRoute(EntityTypeInterface $entity_type) {
     protected function addFormRoute(EntityTypeInterface $entity_type) {
       if ($route = parent::addFormRoute($entity_type)) {
         $route->setOption('_admin_route', TRUE);
  +      $route->setRequirement('_entity_create_access', $entity_type->id() . ':{type}');
         return $route;
       }
     }

[heddn]

OK, I've opened some PRs to move in the direction of getting this working.

[heddn]

Remaining is permissions for update and permission for revisions (revisions are spelled out in #44 & #56)

[heddn]

OK, #60 has everything for non-revisions permission checks. In manual testing on this site, it seems to fix the issue.

[Jaesin]

Fixed by #78