Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
entity_access calls do not send the provided bundle parameter making, f.e fieldable_panels_pane to return FALSE even if the user has access to create content for a specific bundle.
Comment | File | Size | Author |
---|---|---|---|
#7 | references_dialog-1856978-7.patch | 1.14 KB | jaydub |
#4 | references_dialog-1856978-4.patch | 1.18 KB | devuo |
#2 | references_dialog-1856978-2.patch | 832 bytes | devuo |
references-dialog-bundle-entity_access.patch | 804 bytes | cscit | |
Comments
Comment #1
rogical CreditAttribution: rogical commentedComment #2
devuo CreditAttribution: devuo commentedentity_access() expects the third parameter to be an entity object. This is not always true for references_dialog as I was having the following notices:
The attached patch solves this issue.
Comment #3
devuo CreditAttribution: devuo commentedActually, scratch that. While this "solves" the issue, the patch in #2 bypasses per bundle access control.
Comment #4
devuo CreditAttribution: devuo commentedGiven that neither Entity API and drupal provide a generic method to check access, per bundle, for create operations, this has to be implemented on a case by case basis. The attached patch does just that for node entities. We should, however, provide an hook for modules wishing to extend this functionality for their own entities.
Comment #5
rogical CreditAttribution: rogical commentedYes, here we need a hook, for now, this patch is ok.
Comment #6
rogical CreditAttribution: rogical commentedYes, here we need a hook, for now, this patch is ok.
Comment #7
jaydub CreditAttribution: jaydub commentedPatch doesn't apply against HEAD so rerolled for 1.x-dev version.
Comment #8
rogical CreditAttribution: rogical commentedcommitted.
Comment #10
manuelBS CreditAttribution: manuelBS commentedI am not able to apply the patch https://drupal.org/files/references_dialog-1856978-7.patch at all, please see http://screencast.com/t/4Lsh9ppQKm
Is there a patch for the alpha4 version or when will a new module version be released that includes the patch?
Comment #11
David_Rothstein CreditAttribution: David_Rothstein commentedI started to write a patch for this before realizing it was already fixed in the dev version... For what it's worth, my approach would have continued to use entity_access() in all cases:
But it requires fixing #1780646: entity_access() fails to check node type specific create access in the Entity module in order to work.
Comment #12
David_Rothstein CreditAttribution: David_Rothstein commented@manuelBS, the patch in #4 should work for alpha4.
Comment #13
manuelBS CreditAttribution: manuelBS commentedI see thanks for this hint. Now works for me, too.