Merge branch 'feature/ISTWCMS-5190-ibiki-dashboard-access' into '1.0.x'

ISTWCMS-5190: Using access denied instead of 404 when user has no edit permissions.

See merge request !176

src/Access/UwNodeAccessCheck.php

@@ -8,7 +8,6 @@ use Drupal\Core\Routing\RouteMatchInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\menu_admin_per_menu\Access\MenuAdminPerMenuAccess;
 use Drupal\uw_cfg_common\Service\UWService;
-use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Checks access for displaying configuration translation page.
@@ -65,19 +64,17 @@ class UwNodeAccessCheck implements AccessInterface {
     $node = $route_match->getParameter('node');
 
     // Check if this is a sidebar content type and if the user has permission
-    // to edit the content type. We want to throw a 404 (NotFoundHttpException)
-    // if they do not have access.  This is the case when a user is not logged
-    // in, and when they do not have permission to edit it.
+    // to edit the content type. Return access denied when user has no edit
+    // permission.
     if ($node && $node->bundle() == 'uw_ct_sidebar' && !$account->hasPermission('edit any uw_ct_sidebar content')) {
-      throw new NotFoundHttpException();
+      return AccessResult::forbidden();
     }
 
     // Check if this is a sidebar content type and if the user has permission
-    // to edit the content type. We want to throw a 404 (NotFoundHttpException)
-    // if they do not have access.  This is the case when a user is not logged
-    // in, and when they do not have permission to edit it.
+    // to edit the content type. Return access denied when user has no edit
+    // permission.
     if ($node && $node->bundle() == 'uw_ct_site_footer' && !$account->hasPermission('edit any uw_ct_site_footer content')) {
-      throw new NotFoundHttpException();
+      return AccessResult::forbidden();
     }
 
     // We have to return some type of access, so we are going to return