Issue #3030477 by Manuel Garcia, Anas_maw: Views filter "Published status or...

Issue #3030477 by Manuel Garcia, Anas_maw: Views filter "Published status or admin user" not checking "View any unpublished content" permission

core/modules/content_moderation/content_moderation.views_execution.inc

+<?php
+
+/**
+ * @file
+ * Provide views runtime hooks for content_moderation.module.
+ */
+
+use Drupal\views\ViewExecutable;
+
+/**
+ * Implements hook_views_query_substitutions().
+ */
+function content_moderation_views_query_substitutions(ViewExecutable $view) {
+  $account = \Drupal::currentUser();
+  return [
+    '***VIEW_ANY_UNPUBLISHED_NODES***' => intval($account->hasPermission('view any unpublished content')),
+  ];
+}

core/modules/node/src/Plugin/views/filter/Status.php

@@ -24,7 +24,11 @@ public function canExpose() {
 
   public function query() {
     $table = $this->ensureMyTable();
-    $this->query->addWhereExpression($this->options['group'], "$table.status = 1 OR ($table.uid = ***CURRENT_USER*** AND ***CURRENT_USER*** <> 0 AND ***VIEW_OWN_UNPUBLISHED_NODES*** = 1) OR ***BYPASS_NODE_ACCESS*** = 1");
+    $snippet = "$table.status = 1 OR ($table.uid = ***CURRENT_USER*** AND ***CURRENT_USER*** <> 0 AND ***VIEW_OWN_UNPUBLISHED_NODES*** = 1) OR ***BYPASS_NODE_ACCESS*** = 1";
+    if ($this->moduleHandler->moduleExists('content_moderation')) {
+      $snippet .= ' OR ***VIEW_ANY_UNPUBLISHED_NODES*** = 1';
+    }
+    $this->query->addWhereExpression($this->options['group'], $snippet);
   }
 
   /**

core/modules/node/tests/src/Functional/Views/StatusExtraTest.php

@@ -12,6 +12,11 @@
  */
 class StatusExtraTest extends NodeTestBase {
 
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = ['node_test_views', 'content_moderation'];
+
   /**
    * Views used by this test.
    *
@@ -26,6 +31,7 @@ public function testStatusExtra() {
     $node_author = $this->drupalCreateUser(['view own unpublished content']);
     $node_author_not_unpublished = $this->drupalCreateUser();
     $normal_user = $this->drupalCreateUser();
+    $privileged_user = $this->drupalCreateUser(['view any unpublished content']);
     $admin_user = $this->drupalCreateUser(['bypass node access']);
 
     // Create one published and one unpublished node by the admin.
@@ -47,6 +53,14 @@ public function testStatusExtra() {
     $this->assertText($node_unpublished2->label());
     $this->assertText($node_unpublished3->label());
 
+    // The privileged user should simply see all nodes.
+    $this->drupalLogin($privileged_user);
+    $this->drupalGet('test_status_extra');
+    $this->assertText($node_published->label());
+    $this->assertText($node_unpublished->label());
+    $this->assertText($node_unpublished2->label());
+    $this->assertText($node_unpublished3->label());
+
     // The node author should see the published node and his own node.
     $this->drupalLogin($node_author);
     $this->drupalGet('test_status_extra');