Add "argument validator" views plugin for domain [#1911034]

The attached patch implements a new argument validation plugin to check if a domain ID is valid. The validator may optionally be set to also verify the current user's domain memberships or node grants.

The validation logic is somewhat derived from domain_views_access(), but I'm not sure I really understood what was going on with strict option for checking node grants.

Comment	File	Size	Author
	domain_views-plugin_argument_validate_domain.patch	3.46 KB	Les Lim

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

agentrickard

he/him

English

Georgia (US)

CreditAttribution: agentrickard commented 8 February 2013 at 18:50

Status:

Needs review

» Needs work

I don't understand how this is working. A validator should ensure that the value is valid, not worry about access.

For instance, this logic just seems wrong to me:

   // Respect "Bypass views access control" permission.
   if (user_access('access all views')) {
     return TRUE;
   }

If the passed argument is "FOO", and FOO is not a domain, then why return TRUE?

I think you just need the validate_argument method, and it should load the passed argument to check if a valid domain is returned.

Comment #2

Les Lim

he/they

English

CreditAttribution: Les Lim commented 8 February 2013 at 19:25

If the passed argument is "FOO", and FOO is not a domain, then why return TRUE?

The check directly above that should have already returned FALSE in that case:

    // Ensure that the argument represents an active domain.
    $domains = domain_domains();
    if (empty($domains[$argument])){
      return FALSE;
    }

A validator should ensure that the value is valid, not worry about access.

I'd argue access validation is still validation. There's precedent for that in the Views module itself; if you look at the "Content" argument validator, there's a configuration section for "Validate user has access to the content".