Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In the entityform_access function, the comments indicate
@param $op
The operation being performed. One of 'view', 'update', 'create', 'delete'
But in the function code, I only see non-standard 'submit' and 'confirm' options. None of the standard API operations are included.
I detected this behavior while working with the RESTful Web Services (restws) module.
Comment | File | Size | Author |
---|---|---|---|
#3 | entityform.module.patch | 921 bytes | emmonsaz |
#2 | entityform.module.patch | 657 bytes | emmonsaz |
Comments
Comment #1
tedbowThe docs for that function do need to be update.
You don't see the standard ones because the are handled by passing $op to user_access
Here
There might be a problem with 'create' though. That might be handle correctly if you calling it externally.
Comment #2
emmonsaz CreditAttribution: emmonsaz commentedHow about equating "create" with "submit"?
Comment #3
emmonsaz CreditAttribution: emmonsaz commentedHere's an updated patch that also fixes user id and time issues for programmatically submitted entityforms
Comment #4
tedbowPlease keep this patch just for this issue.
Comment #5
Cruz3r CreditAttribution: Cruz3r commentedI too stumbled on this issue.
View and Delete operations work with the user_access call,
but Update doesn't since the permission is 'edit any entityform'.
Comment #6
a.vakulenko CreditAttribution: a.vakulenko commentedI just put this in entityform.module:
if ($op == 'update') $op = 'edit';