Issue #3419548 by amateescu, smustgrave, malcomio: Workspace switcher block does not check access

core/modules/workspaces/src/Plugin/Block/WorkspaceSwitcherBlock.php

@@ -2,11 +2,14 @@
 
 namespace Drupal\workspaces\Plugin\Block;
 
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Access\AccessResultInterface;
 use Drupal\Core\Block\Attribute\Block;
 use Drupal\Core\Block\BlockBase;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Form\FormBuilderInterface;
 use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\StringTranslation\TranslatableMarkup;
 use Drupal\workspaces\Form\WorkspaceSwitcherForm;
 use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -82,4 +85,15 @@ class WorkspaceSwitcherBlock extends BlockBase implements ContainerFactoryPlugin
     return $build;
   }
 
+  /**
+   * {@inheritdoc}
+   */
+  protected function blockAccess(AccountInterface $account): AccessResultInterface {
+    return AccessResult::allowedIfHasPermissions($account, [
+      'view own workspace',
+      'view any workspace',
+      'administer workspaces',
+    ], 'OR');
+  }
+
 }

core/modules/workspaces/tests/src/Functional/WorkspaceSwitcherTest.php

@@ -53,6 +53,11 @@ class WorkspaceSwitcherTest extends BrowserTestBase {
     $this->createAndActivateWorkspaceThroughUi('Vultures', 'vultures');
     $gravity = $this->createWorkspaceThroughUi('Gravity', 'gravity');
 
+    // Confirm the block shows on the front page.
+    $this->drupalGet('<front>');
+    $page = $this->getSession()->getPage();
+    $this->assertTrue($page->hasContent('Workspace switcher'));
+
     $this->drupalGet('/admin/config/workflow/workspaces/manage/' . $gravity->id() . '/activate');
 
     $this->assertSession()->statusCodeEquals(200);

core/modules/workspaces/tests/src/Functional/WorkspaceTest.php

@@ -248,7 +248,6 @@ class WorkspaceTest extends BrowserTestBase {
    */
   public function testDeleteWorkspaceWithExistingContent() {
     $this->createContentType(['type' => 'test', 'label' => 'Test']);
-    $this->setupWorkspaceSwitcherBlock();
 
     // Login and create a workspace.
     $this->drupalLogin($this->rootUser);

core/modules/workspaces/tests/src/Functional/WorkspaceTestUtilities.php

@@ -110,12 +110,8 @@ trait WorkspaceTestUtilities {
       'region' => 'sidebar_first',
       'label' => 'Workspace switcher',
     ]);
-
-    // Confirm the block shows on the front page.
     $this->drupalGet('<front>');
-    $page = $this->getSession()->getPage();
 
-    $this->assertTrue($page->hasContent('Workspace switcher'));
     $this->switcherBlockConfigured = TRUE;
   }
 

core/modules/workspaces/tests/src/Kernel/WorkspaceAccessTest.php

@@ -223,4 +223,26 @@ class WorkspaceAccessTest extends KernelTestBase {
     $this->assertEquals($expected_top, array_keys($selection_handler->getReferenceableEntities('top')['workspace']));
   }
 
+  /**
+   * @covers \Drupal\workspaces\Plugin\Block\WorkspaceSwitcherBlock::blockAccess
+   */
+  public function testWorkspaceSwitcherBlock(): void {
+    $own_permission_user = $this->createUser(['view own workspace']);
+    $any_permission_user = $this->createUser(['view any workspace']);
+    $admin_permission_user = $this->createUser(['administer workspaces']);
+    $access_content_user = $this->createUser(['access content']);
+    $no_permission_user = $this->createUser();
+
+    /** @var \Drupal\Core\Block\BlockManagerInterface $block_manager */
+    $block_manager = \Drupal::service('plugin.manager.block');
+    /** @var \Drupal\Core\Block\BlockPluginInterface $switcher_block */
+    $switcher_block = $block_manager->createInstance('workspace_switcher');
+
+    $this->assertTrue($switcher_block->access($own_permission_user));
+    $this->assertTrue($switcher_block->access($any_permission_user));
+    $this->assertTrue($switcher_block->access($admin_permission_user));
+    $this->assertFalse($switcher_block->access($access_content_user));
+    $this->assertFalse($switcher_block->access($no_permission_user));
+  }
+
 }