From 38e1bade4a1efbb00d6ef17db2c9290f7d9a531a Mon Sep 17 00:00:00 2001
From: Igor Biki <ibiki@uwaterloo.ca>
Date: Tue, 23 Nov 2021 07:43:19 -0500
Subject: [PATCH] ISTWCMS-5190: Using access denied instead of 404 when user
 has no edit permissions.

---
 src/Access/UwNodeAccessCheck.php | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/Access/UwNodeAccessCheck.php b/src/Access/UwNodeAccessCheck.php
index 1d0a61e7..f5097ce7 100644
--- a/src/Access/UwNodeAccessCheck.php
+++ b/src/Access/UwNodeAccessCheck.php
@@ -8,7 +8,6 @@ use Drupal\Core\Routing\RouteMatchInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\menu_admin_per_menu\Access\MenuAdminPerMenuAccess;
 use Drupal\uw_cfg_common\Service\UWService;
-use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Checks access for displaying configuration translation page.
@@ -65,19 +64,17 @@ class UwNodeAccessCheck implements AccessInterface {
     $node = $route_match->getParameter('node');
 
     // Check if this is a sidebar content type and if the user has permission
-    // to edit the content type. We want to throw a 404 (NotFoundHttpException)
-    // if they do not have access.  This is the case when a user is not logged
-    // in, and when they do not have permission to edit it.
+    // to edit the content type. Return access denied when user has no edit
+    // permission.
     if ($node && $node->bundle() == 'uw_ct_sidebar' && !$account->hasPermission('edit any uw_ct_sidebar content')) {
-      throw new NotFoundHttpException();
+      return AccessResult::forbidden();
     }
 
     // Check if this is a sidebar content type and if the user has permission
-    // to edit the content type. We want to throw a 404 (NotFoundHttpException)
-    // if they do not have access.  This is the case when a user is not logged
-    // in, and when they do not have permission to edit it.
+    // to edit the content type. Return access denied when user has no edit
+    // permission.
     if ($node && $node->bundle() == 'uw_ct_site_footer' && !$account->hasPermission('edit any uw_ct_site_footer content')) {
-      throw new NotFoundHttpException();
+      return AccessResult::forbidden();
     }
 
     // We have to return some type of access, so we are going to return
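Review bot: Both new `return AccessResult::forbidden();` lines (the `uw_ct_sidebar` branch and the `uw_ct_site_footer` branch) return a result with no cacheability metadata, even though the decision depends on the account's permissions and on the node's bundle. If this result is cached anywhere along the route, a denial computed for one user could be reused for a user who does hold the edit permission, or the reverse. I would attach the dependencies and a reason, e.g. `return AccessResult::forbidden('Missing edit permission for this content type.')->cachePerPermissions()->addCacheableDependency($node);`. Note also that a 403 confirms to unprivileged visitors that the node exists, which the previous 404 concealed; the subject line suggests this is intended, but the comment could say so. The method starts and ends outside this hunk, so the final return and the `AccessResult` import are not visible here.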
-- 
GitLab