Oh hai we are ignoring your earlier result:

    // Base initial access on the user's basic permission to use this flag.
    $access = $this->user_access($action, $account);

    // Check for additional access rules provided by sub-classes.
    $child_access = $this->type_access($entity_id, $action, $account);
    if (isset($child_access)) {
      $access = $child_access;
    }

If user_access() says FALSE, and type_access() says TRUE, then SHAZAM the user gets access anyway!

Fortunately, only flag_user overrides type_access(), and it returns FALSE or NULL. So that's ok.

I am guessing that the intention is that type_access() can only deny access, not grant it. In other words, it only returns FALSE (to deny) or NULL (to say nothing). However, this needs documenting, HARD.

CommentFileSizeAuthor
#3 flag-1881964-3.patch939 bytescs_shadow
#1 1881964.flag_.type-access-return-docs.patch1013 bytesjoachim

Comments

joachim’s picture

joachim commented
Status: Active » Fixed
StatusFileSize
new 1881964.flag_.type-access-return-docs.patch1013 bytes

Issue #1881964 by joachim: Fixed missing documention for type_access() and type_access_multiple() return value.

joachim’s picture

joachim commented
Version: 7.x-3.x-dev » 7.x-2.x-dev
Status: Fixed » Patch (to be ported)
Issue tags: +Novice

Should be backported.

cs_shadow’s picture

cs_shadow commented
Issue summary: View changes
StatusFileSize
new flag-1881964-3.patch939 bytes

Attaching the patch backported for 7.x-2.x-dev.

cs_shadow’s picture

cs_shadow commented
Status: Patch (to be ported) » Needs review

The last submitted patch, 1: 1881964.flag_.type-access-return-docs.patch, failed testing.

joachim’s picture

joachim commented
Status: Needs review » Fixed

Committed. Sorry for the delay!

  • Commit 54a08b3 on 7.x-2.x authored by cs_shadow, committed by joachim: 
    Issue #1881964 by cs_shadow, joachim: Fixed missing documention for...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.