operation options mismatch [#1955882]

In the entityform_access function, the comments indicate

@param $op
The operation being performed. One of 'view', 'update', 'create', 'delete'

But in the function code, I only see non-standard 'submit' and 'confirm' options. None of the standard API operations are included.

I detected this behavior while working with the RESTful Web Services (restws) module.

Comment	File	Size	Author
#3	entityform.module.patch	921 bytes	emmonsaz
#3
#2	entityform.module.patch	657 bytes	emmonsaz
#2

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

tedbow

he/him

English

Ithaca, NY, USA

CreditAttribution: tedbow commented 29 March 2013 at 01:36

The docs for that function do need to be update.

None of the standard API operations are included.

You don't see the standard ones because the are handled by passing $op to user_access

Here

 338   if (isset($entityform) && $type_name && is_object($entityform)) {
 339     if (user_access("$op any entityform", $account)) {
 340       return TRUE;
 341     }
 342     elseif (!empty($user->uid) && $entityform->uid == $user->uid && user_access("$op own entityform", $account)) {
 343       return TRUE;
 344     }
 345   }

There might be a problem with 'create' though. That might be handle correctly if you calling it externally.