From ebbd5599e179247ec73e44a2c56fcf5664cde70a Mon Sep 17 00:00:00 2001
From: l26yan <l26yan@uwaterloo.ca>
Date: Fri, 25 Feb 2022 10:47:44 -0500
Subject: [PATCH] ISTWCMS-5414 Make expand/collapse nodes not visible to people
 who don't have permission to edit them

---
 src/Access/UwNodeAccessCheck.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Access/UwNodeAccessCheck.php b/src/Access/UwNodeAccessCheck.php
index ff846aaa..ed445b70 100644
--- a/src/Access/UwNodeAccessCheck.php
+++ b/src/Access/UwNodeAccessCheck.php
@@ -77,6 +77,12 @@ class UwNodeAccessCheck implements AccessInterface {
       return AccessResult::forbidden();
     }
 
+    // The Expand/collapse group nodes should only be visible if the logged-in
+    // users have 'Expand/collapse group: Edit any content' permission.
+    if ($node && $node->bundle() == 'uw_ct_expand_collapse_group' && !$account->hasPermission('edit any uw_ct_expand_collapse_group content')) {
+      return AccessResult::forbidden();
+    }
+
     // We have to return some type of access, so we are going to return
     // allowed, if they do not have access, the new exception is going to be
     // thrown above.
-- 
GitLab