From 58f83d95bd62baca0236cccbcb8c9eafd8d1918b Mon Sep 17 00:00:00 2001
From: s j <sj@1729.be>
Date: Mon, 31 Jul 2023 15:08:31 +0200
Subject: [PATCH] fix: I-7756 allow label view on share issue and type

---
 src/ShareIssueAccessControlHandler.php | 8 ++++++++
 src/ShareTypeAccessControlHandler.php  | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/ShareIssueAccessControlHandler.php b/src/ShareIssueAccessControlHandler.php
index f212e5dd..98638223 100644
--- a/src/ShareIssueAccessControlHandler.php
+++ b/src/ShareIssueAccessControlHandler.php
@@ -19,6 +19,14 @@ class ShareIssueAccessControlHandler extends EntityAccessControlHandler {
    */
   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
     /** @var \Drupal\shareholder_register\Entity\ShareIssueInterface $entity */
+
+    // We don't treat the Issue label as privileged information, so this check
+    // has to be the first one in order to allow labels for all users to be
+    // viewed, including the special anonymous user.
+    if ($operation === 'view label') {
+      return AccessResult::allowed();
+    }
+
     switch ($operation) {
       case 'view':
         return AccessResult::allowedIfHasPermission($account, 'view all share issue entities');
diff --git a/src/ShareTypeAccessControlHandler.php b/src/ShareTypeAccessControlHandler.php
index ebbc781e..bfb570f4 100644
--- a/src/ShareTypeAccessControlHandler.php
+++ b/src/ShareTypeAccessControlHandler.php
@@ -19,6 +19,14 @@ class ShareTypeAccessControlHandler extends EntityAccessControlHandler {
    */
   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
     /** @var \Drupal\shareholder_register\Entity\ShareTypeInterface $entity */
+
+    // We don't treat the Type label as privileged information, so this check
+    // has to be the first one in order to allow labels for all users to be
+    // viewed, including the special anonymous user.
+    if ($operation === 'view label') {
+      return AccessResult::allowed();
+    }
+
     switch ($operation) {
       case 'view':
         return AccessResult::allowedIfHasPermission($account, 'view all share type entities');
-- 
GitLab