Revert "Issue #2799049 by AaronBauman, jungle, hussainweb, Neograph734, a_mitch, anmolgoyal74, Hardik_Patel_12, geek-merlin, cilefen, eblue, fmueller_previon, Anas_maw, rensingh99, Abhijith S, yepa, Ruchi Joshi, Stephen Ollman, dww, alexpott, catch, benjifisher, Wim Leers: Add new permission to view user email field"

This reverts commit 84c8b1e1d9.

core/modules/jsonapi/tests/src/Functional/UserTest.php

@@ -412,18 +412,6 @@ class UserTest extends ResourceTestBase {
     $this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
     $this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
     $this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
-
-    // Now grant permission to access user mail and verify.
-    $this->grantPermissionsToTestedRole(['access user mail']);
-    // Viewing user A as user B: "mail" field should be accessible.
-    $response = $this->request('GET', $user_a_url, $request_options);
-    $doc = Json::decode((string) $response->getBody());
-    $this->assertArrayHasKey('mail', $doc['data']['attributes']);
-    // Also when looking at the collection.
-    $response = $this->request('GET', $collection_url, $request_options);
-    $doc = Json::decode((string) $response->getBody());
-    $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
-    $this->assertArrayHasKey('mail', $doc['data'][2]['attributes']);
   }
 
   /**

core/modules/user/src/UserAccessControlHandler.php

@@ -113,15 +113,10 @@ class UserAccessControlHandler extends EntityAccessControlHandler {
           return AccessResult::neutral();
         }
 
-      case 'mail':
-        // Only check for the access user mail permission and a view operation.
-        // Use case fall-through for all other cases.
-        if ($operation == 'view' && $account->hasPermission('access user mail')) {
-          return AccessResult::allowed()->cachePerPermissions();
-        }
       case 'preferred_langcode':
       case 'preferred_admin_langcode':
       case 'timezone':
+      case 'mail':
         // Allow view access to own mail address and other personalization
         // settings.
         if ($operation == 'view') {

core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php

@@ -32,13 +32,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
    */
   protected $viewer;
 
-  /**
-   * The mock user account with 'access user mail' permission.
-   *
-   * @var \Drupal\Core\Session\AccountInterface
-   */
-  protected $emailViewer;
-
   /**
    * The mock user account that is able to change their own account name.
    *
@@ -103,18 +96,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
       ->method('hasPermission')
       ->will($this->returnValue(TRUE));
 
-    $this->emailViewer = $this->createMock('\Drupal\Core\Session\AccountInterface');
-    $this->emailViewer
-      ->expects($this->any())
-      ->method('hasPermission')
-      ->will($this->returnValueMap([
-        ['access user mail', TRUE],
-      ]));
-    $this->emailViewer
-      ->expects($this->any())
-      ->method('id')
-      ->will($this->returnValue(3));
-
     $entity_type = $this->createMock('Drupal\Core\Entity\EntityTypeInterface');
 
     $this->accessControlHandler = new UserAccessControlHandler($entity_type);
@@ -259,14 +240,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
         'view' => TRUE,
         'edit' => TRUE,
       ];
-      $access_info[] = [
-        'field' => $field,
-        'viewer' => 'emailViewer',
-        'target' => 'owner',
-        'view' => $field === 'mail',
-        // See note above.
-        'edit' => TRUE,
-      ];
     }
 
     return $access_info;

core/modules/user/user.permissions.yml

@@ -11,9 +11,6 @@ administer users:
   restrict access: true
 access user profiles:
   title: 'View user information'
-access user mail:
-  title: 'View user email addresses'
-  description: 'Users without this permission will not have access to email addresses on user pages or other places where they might be shown, such as Views and JSON:API responses.'
 change own username:
   title: 'Change own username'
 select account cancellation method: