From 311bc9114d24032f7b93eda47124ec9f83c0d70b Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Thu, 8 Apr 2021 17:40:33 +0100
Subject: [PATCH] Revert "Issue #2799049 by AaronBauman, jungle, hussainweb,
 Neograph734, a_mitch, anmolgoyal74, Hardik_Patel_12, geek-merlin, cilefen,
 eblue, fmueller_previon, Anas_maw, rensingh99, Abhijith S, yepa, Ruchi Joshi,
 Stephen Ollman, dww, alexpott, catch, benjifisher, Wim Leers: Add new
 permission to view user email field"

This reverts commit 84c8b1e1d90615c6891f5520b822364e2eb58a0e.
---
 .../jsonapi/tests/src/Functional/UserTest.php | 12 ---------
 .../user/src/UserAccessControlHandler.php     |  7 +----
 .../src/Unit/UserAccessControlHandlerTest.php | 27 -------------------
 core/modules/user/user.permissions.yml        |  3 ---
 4 files changed, 1 insertion(+), 48 deletions(-)

diff --git a/core/modules/jsonapi/tests/src/Functional/UserTest.php b/core/modules/jsonapi/tests/src/Functional/UserTest.php
index 5261f4d5f28..b08df8eb26b 100644
--- a/core/modules/jsonapi/tests/src/Functional/UserTest.php
+++ b/core/modules/jsonapi/tests/src/Functional/UserTest.php
@@ -412,18 +412,6 @@ class UserTest extends ResourceTestBase {
     $this->assertArrayNotHasKey('mail', $doc['data'][2]['attributes']);
     $this->assertSame($user_b->uuid(), $doc['data'][count($doc['data']) - 1]['id']);
     $this->assertArrayHasKey('mail', $doc['data'][count($doc['data']) - 1]['attributes']);
-
-    // Now grant permission to access user mail and verify.
-    $this->grantPermissionsToTestedRole(['access user mail']);
-    // Viewing user A as user B: "mail" field should be accessible.
-    $response = $this->request('GET', $user_a_url, $request_options);
-    $doc = Json::decode((string) $response->getBody());
-    $this->assertArrayHasKey('mail', $doc['data']['attributes']);
-    // Also when looking at the collection.
-    $response = $this->request('GET', $collection_url, $request_options);
-    $doc = Json::decode((string) $response->getBody());
-    $this->assertSame($user_a->uuid(), $doc['data']['2']['id']);
-    $this->assertArrayHasKey('mail', $doc['data'][2]['attributes']);
   }
 
   /**
diff --git a/core/modules/user/src/UserAccessControlHandler.php b/core/modules/user/src/UserAccessControlHandler.php
index 597acfcb556..2c67acb1be2 100644
--- a/core/modules/user/src/UserAccessControlHandler.php
+++ b/core/modules/user/src/UserAccessControlHandler.php
@@ -113,15 +113,10 @@ class UserAccessControlHandler extends EntityAccessControlHandler {
           return AccessResult::neutral();
         }
 
-      case 'mail':
-        // Only check for the access user mail permission and a view operation.
-        // Use case fall-through for all other cases.
-        if ($operation == 'view' && $account->hasPermission('access user mail')) {
-          return AccessResult::allowed()->cachePerPermissions();
-        }
       case 'preferred_langcode':
       case 'preferred_admin_langcode':
       case 'timezone':
+      case 'mail':
         // Allow view access to own mail address and other personalization
         // settings.
         if ($operation == 'view') {
diff --git a/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php b/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php
index 6a51692aea9..c7195d126ea 100644
--- a/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php
+++ b/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php
@@ -32,13 +32,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
    */
   protected $viewer;
 
-  /**
-   * The mock user account with 'access user mail' permission.
-   *
-   * @var \Drupal\Core\Session\AccountInterface
-   */
-  protected $emailViewer;
-
   /**
    * The mock user account that is able to change their own account name.
    *
@@ -103,18 +96,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
       ->method('hasPermission')
       ->will($this->returnValue(TRUE));
 
-    $this->emailViewer = $this->createMock('\Drupal\Core\Session\AccountInterface');
-    $this->emailViewer
-      ->expects($this->any())
-      ->method('hasPermission')
-      ->will($this->returnValueMap([
-        ['access user mail', TRUE],
-      ]));
-    $this->emailViewer
-      ->expects($this->any())
-      ->method('id')
-      ->will($this->returnValue(3));
-
     $entity_type = $this->createMock('Drupal\Core\Entity\EntityTypeInterface');
 
     $this->accessControlHandler = new UserAccessControlHandler($entity_type);
@@ -259,14 +240,6 @@ class UserAccessControlHandlerTest extends UnitTestCase {
         'view' => TRUE,
         'edit' => TRUE,
       ];
-      $access_info[] = [
-        'field' => $field,
-        'viewer' => 'emailViewer',
-        'target' => 'owner',
-        'view' => $field === 'mail',
-        // See note above.
-        'edit' => TRUE,
-      ];
     }
 
     return $access_info;
diff --git a/core/modules/user/user.permissions.yml b/core/modules/user/user.permissions.yml
index 29566c799c2..984b5ce118f 100644
--- a/core/modules/user/user.permissions.yml
+++ b/core/modules/user/user.permissions.yml
@@ -11,9 +11,6 @@ administer users:
   restrict access: true
 access user profiles:
   title: 'View user information'
-access user mail:
-  title: 'View user email addresses'
-  description: 'Users without this permission will not have access to email addresses on user pages or other places where they might be shown, such as Views and JSON:API responses.'
 change own username:
   title: 'Change own username'
 select account cancellation method: