X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Ftaxonomy%2Fsrc%2FTermAccessControlHandler.php;h=b25dca4627b9fb4d9a54733f617b2ba2c1763fee;hb=5b8bb166bfa98770daef9de5c127fc2e6ef02340;hp=04c2c4f3fb7d1aba9ddba9971643a0c4bd6ea73f;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website

diff --git a/web/core/modules/taxonomy/src/TermAccessControlHandler.php b/web/core/modules/taxonomy/src/TermAccessControlHandler.php
index 04c2c4f3f..b25dca462 100644
--- a/web/core/modules/taxonomy/src/TermAccessControlHandler.php
+++ b/web/core/modules/taxonomy/src/TermAccessControlHandler.php
@@ -18,19 +18,37 @@ class TermAccessControlHandler extends EntityAccessControlHandler {
    * {@inheritdoc}
    */
   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
+    if ($account->hasPermission('administer taxonomy')) {
+      return AccessResult::allowed()->cachePerPermissions();
+    }
+
     switch ($operation) {
       case 'view':
-        return AccessResult::allowedIfHasPermission($account, 'access content');
+        $access_result = AccessResult::allowedIf($account->hasPermission('access content') && $entity->isPublished())
+          ->cachePerPermissions()
+          ->addCacheableDependency($entity);
+        if (!$access_result->isAllowed()) {
+          $access_result->setReason("The 'access content' permission is required and the taxonomy term must be published.");
+        }
+        return $access_result;
 
       case 'update':
-        return AccessResult::allowedIfHasPermissions($account, ["edit terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
+        if ($account->hasPermission("edit terms in {$entity->bundle()}")) {
+          return AccessResult::allowed()->cachePerPermissions();
+        }
+
+        return AccessResult::neutral()->setReason("The following permissions are required: 'edit terms in {$entity->bundle()}' OR 'administer taxonomy'.");
 
       case 'delete':
-        return AccessResult::allowedIfHasPermissions($account, ["delete terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
+        if ($account->hasPermission("delete terms in {$entity->bundle()}")) {
+          return AccessResult::allowed()->cachePerPermissions();
+        }
+
+        return AccessResult::neutral()->setReason("The following permissions are required: 'delete terms in {$entity->bundle()}' OR 'administer taxonomy'.");
 
       default:
         // No opinion.
-        return AccessResult::neutral();
+        return AccessResult::neutral()->cachePerPermissions();
     }
   }
 
@@ -38,7 +56,7 @@ class TermAccessControlHandler extends EntityAccessControlHandler {
    * {@inheritdoc}
    */
   protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
-    return AccessResult::allowedIfHasPermission($account, 'administer taxonomy');
+    return AccessResult::allowedIfHasPermissions($account, ["create terms in $entity_bundle", 'administer taxonomy'], 'OR');
   }
 
 }