Updated to Drupal 8.5. Core Media not yet in use.

[yaffs-website] / web / core / modules / block_content / src / BlockContentAccessControlHandler.php

diff --git a/web/core/modules/block_content/src/BlockContentAccessControlHandler.php b/web/core/modules/block_content/src/BlockContentAccessControlHandler.php
index d0c19c56dff9b360b95e894caa1216168ed1b636..7079ef48495181081194a601eaab7c581643c176 100644 (file)
--- a/web/core/modules/block_content/src/BlockContentAccessControlHandler.php
+++ b/web/core/modules/block_content/src/BlockContentAccessControlHandler.php
@@ -19,7 +19,8 @@ class BlockContentAccessControlHandler extends EntityAccessControlHandler {
    */
   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
     if ($operation === 'view') {
-      return AccessResult::allowed();
+      return AccessResult::allowedIf($entity->isPublished())->addCacheableDependency($entity)
+        ->orIf(AccessResult::allowedIfHasPermission($account, 'administer blocks'));
     }
     return parent::checkAccess($entity, $operation, $account);
   }