From 11fb9c8fc8c4a158cc7da14f201bcbd0c2332056 Mon Sep 17 00:00:00 2001
From: Karoly Negyesi <chx1975@gmail.com>
Date: Thu, 4 Aug 2016 15:50:08 -0700
Subject: [PATCH] og_entity_access is too strict

---
 og.module | 40 +++++++++++++++-------------------------
 1 file changed, 15 insertions(+), 25 deletions(-)

diff --git a/og.module b/og.module
index b56b110c5..67f4655a4 100755
--- a/og.module
+++ b/og.module
@@ -112,41 +112,31 @@ function og_entity_field_access($operation, FieldDefinitionInterface $field_defi
  */
 function og_entity_access(EntityInterface $entity, $operation, AccountInterface $account) {
   // We only care about content entities that are groups or group content.
-  if (!$entity instanceof ContentEntityInterface) {
-    return AccessResult::neutral();
-  }
-
-  if ($operation == 'view') {
+  if (!$entity instanceof ContentEntityInterface || $operation == 'view') {
     return AccessResult::neutral();
   }
 
   $entity_type_id = $entity->getEntityTypeId();
   $bundle_id = $entity->bundle();
 
-  if (!Og::isGroup($entity_type_id, $bundle_id) && !Og::isGroupContent($entity_type_id, $bundle_id)) {
-    return AccessResult::neutral();
-  }
-
-  // If the user has permission to administer all groups, allow access.
-  if ($account->hasPermission('administer group')) {
-    return AccessResult::allowed();
-  }
-
-  /** @var \Drupal\Core\Access\AccessResult $access */
-  $access = \Drupal::service('og.access')->userAccessEntity($operation, $entity, $account);
+  if (Og::isGroup($entity_type_id, $bundle_id) || Og::isGroupContent($entity_type_id, $bundle_id)) {
+    // If the user has permission to administer all groups, allow access.
+    if ($account->hasPermission('administer group')) {
+      return AccessResult::allowed();
+    }
 
-  if ($access->isAllowed()) {
-    return $access;
-  }
+    /** @var \Drupal\Core\Access\AccessResult $access */
+    $access = \Drupal::service('og.access')->userAccessEntity($operation, $entity, $account);
 
-  if ($entity_type_id == 'node') {
-    $node_access_strict = \Drupal::config('og.settings')->get('node_access_strict');
+    if ($access->isAllowed()) {
+      return $access;
+    }
 
-    // Otherwise, ignore or deny based on whether strict node access is set.
-    return AccessResult::forbiddenIf($node_access_strict);
+    // Otherwise, forbid if strict node access is set.
+    if ($entity_type_id == 'node' && \Drupal::config('og.settings')->get('node_access_strict')) {
+      return AccessResult::forbidden();
+    }
   }
-
-  return AccessResult::forbidden();
 }
 
 /**