Expose the deny field on the ACL form and fix current test failures

CRM/ACL/BAO/ACL.php

@@ -522,7 +522,7 @@ protected static function loadPermittedIDs(int $contactID, string $tableName, in
    *
    * @return array
    */
-  private function loadDenyIDs(int $contactID, string $tableName, int $type, $allGroups): array {
+  private static function loadDenyIDs(int $contactID, string $tableName, int $type, $allGroups): array {
     $ids = [];
     $acls = CRM_ACL_BAO_Cache::build($contactID);
     $aclKeys = array_keys($acls);

CRM/ACL/Form/ACL.php

@@ -160,7 +160,7 @@ public function buildQuickForm() {
     $this->add('select', 'event_id', ts('Event'), $event);
 
     $this->add('checkbox', 'is_active', ts('Enabled?'));
-    $this->add('advcheckbox', 'deny', ts('Negate access');
+    $this->add('advcheckbox', 'deny', ts('Negate access'));
 
     $this->addFormRule(['CRM_ACL_Form_ACL', 'formRule']);
   }
@@ -254,7 +254,6 @@ public function postProcess() {
     else {
       $params = $this->controller->exportValues($this->_name);
       $params['is_active'] = CRM_Utils_Array::value('is_active', $params, FALSE);
-      $params['deny'] = 0;
       $params['entity_table'] = 'civicrm_acl_role';
 
       // Figure out which type of object we're permissioning on and set object_table and object_id.

CRM/ACL/Page/ACL.php

@@ -133,6 +133,7 @@ public function browse() {
       $acl[$dao->id]['object_table'] = $dao->object_table;
       $acl[$dao->id]['object_id'] = $dao->object_id;
       $acl[$dao->id]['is_active'] = $dao->is_active;
+      $acl[$dao->id]['deny'] = $dao->deny;
 
       if ($acl[$dao->id]['entity_id']) {
         $acl[$dao->id]['entity'] = $roles[$acl[$dao->id]['entity_id']] ?? NULL;

CRM/Core/Form/Search.php

@@ -96,6 +96,13 @@ protected function buildTaskList() {
 
   protected $_reset;
 
+  /**
+   * Saved Search ID
+   *
+   * @var int
+   */
+  public $_ssID;
+
   /**
    * @return array
    */

templates/CRM/ACL/Form/ACL.tpl

@@ -32,7 +32,7 @@
      <tr class="crm-acl-form-block-operation">
          <td class="label">{$form.operation.label}</td>
          <td>{$form.operation.html}<br />
-            <span class="description">{ts}What type of operation (action) is being permitted?{/ts}</span>
+            <span class="description">{ts}What type of operation (action) is being referenced?{/ts}</span>
          </td>
      </tr>
      <tr class="crm-acl-form-block-object_type">
@@ -45,6 +45,10 @@
            <div class="status description">{ts}IMPORTANT: The Drupal permissions for 'access all custom data' and 'profile listings and forms' override and disable specific ACL settings for custom field groups and profiles respectively. Do not enable those Drupal permissions for a Drupal role if you want to use CiviCRM ACL's to control access.{/ts}</div></td>
         {/if}
      </tr>
+     <tr class="crm-acl-form-block-deny">
+       <td class="label">{$form.deny.label}</td>
+       <td>{$form.deny.html}</td>
+     </tr>
   </table>
   <div id="id-group-acl">
    <table  class="form-layout-compressed">

templates/CRM/ACL/Page/ACL.tpl

@@ -30,6 +30,7 @@
               <th>{ts}Which Data{/ts}</th>
               <th>{ts}Description{/ts}</th>
               <th>{ts}Enabled?{/ts}</th>
+              <th>{ts}Negate?{/ts}</th>
               <th></th>
             </tr>
             </thead>
@@ -42,6 +43,7 @@
                 <td class="crm-acl-object" >{$row.object}</td>
                 <td class="crm-acl-name crm-editable" data-field="name">{$row.name}</td>
                 <td class="crm-acl-is_active" id="row_{$aclID}_status">{if $row.is_active eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>
+                <td class="crm-acl-deny" id="row_{$aclID}_deny">{if $row.deny eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>
                 <td>{$row.action|replace:'xx':$aclID}</td>
               </tr>
             {/foreach}