Under certain conditions, entity_metadata_user_access() throws notices. I initially encountered this via the RDFx and SPARQL endpoint module, and isolated the bug to the follow piece of code:

  node_load(25);
  $wrapper = entity_metadata_wrapper('node', 25);
  $entity = $wrapper->value();

  foreach ($wrapper as $name => $property) {
    if ($property->access('view')) {
      // do something.
    }
  }

It seems that if a node has already been loaded and that you try to run entity_metadata_wrapper() and then the access() method on each of its properties, it sometimes fail when the node->uid = 0 (anonymous). to reproduce, create a node and assign the anonymous user as its author, and run the code above.

Notice: Trying to get property of non-object in entity_metadata_user_access() (line 547 of sites/all/modules/entity/modules/callbacks.inc).

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

clemens.tolboom’s picture

Both on node#overlay=admin/config/workflow/rules and /admin/config/workflow/rules I get

Notice: Trying to get property of non-object in entity_metadata_user_access() (line 571 of /.../modules/contrib/entity/modules/callbacks.inc).

Note the line # difference .. i'm unable to produce the version right now (not my system)
(this is mere a me too / subscribe)

fago’s picture

Status: Active » Fixed

Yep, I think this has been fixed recently. Please re-open if problems still occur with the latest version.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

scor’s picture

Status: Closed (fixed) » Active
FileSize
2.8 KB

I'm attaching a test so you can reproduce locally. note that it passes if the created node has 'uid' => 1, but fails with 'uid' => 0. It seems entity_metadata_user_access() chokes on the author and reference property.

sorin.eugen’s picture

FileSize
1.39 KB

Attached a patch to avoid this notice by checking if entity argument is an object.

sorin.eugen’s picture

Component: Core integration » Code - misc
Status: Active » Needs review
FileSize
1.39 KB

Attached a patch to avoid this notice by checking if entity argument is an object and not if is set.

fago’s picture

Status: Needs review » Needs work

That's not the right fix, as the function signature does not allow to pass a non-entity object in. The problem is earlier when 0 is passed on as user object what fails to load.

Maybe best fix the 'getter callback' to check for that case and use drupal_anonymous_user() then. E.g. as in

    case 'current_user':
      return $GLOBALS['user']->uid ? $GLOBALS['user']->uid : drupal_anonymous_user();
Mile23’s picture

Status: Needs work » Needs review
FileSize
1.48 KB

I'm seeing this error as well, when using Inline Entity Form to potentially add users.

I haven't run through IEF to see what bugs live there, but this patch makes the message go away.

It also re-adds the fix to #1412568: entity_metadata_user_access doesn't check the status of the user :-)

Status: Needs review » Needs work

The last submitted patch, 1237014.patch, failed testing.

Mile23’s picture

Urgh. Passed locally.

scor’s picture

+++ b/modules/callbacks.inc
@@ -638,13 +638,21 @@ function entity_metadata_no_hook_node_access($op, $node = NULL, $account = NULL)
+        if ($entity->uid == $account->uid) || user_access('access user profiles', $account) {

wrap the if condition into ( ).

+++ b/modules/callbacks.inc
@@ -638,13 +638,21 @@ function entity_metadata_no_hook_node_access($op, $node = NULL, $account = NULL)
+      if (user_access('administer users', $account)) return TRUE;

please put the return on a new line (that's Drupal coding standards). you actually used that convention in the if statement above it.

Mile23’s picture

FileSize
1.5 KB

Thanks, scor.

Mile23’s picture

Status: Needs work » Needs review
Mile23’s picture

Mile23’s picture

With this patch, entity_metadata_user_access() successfully handles the 'create' op, based on whether the user is blocked, and/or has 'administer users' permissions. With tests. :-)

Again, very similar to #1780646: entity_access() fails to check node type specific create access which has a patch pending as well.

Status: Needs review » Needs work

The last submitted patch, entity-create_user_test-1237014-15.patch, failed testing.

Mile23’s picture

Different tack, better solution.

Mile23’s picture

Status: Needs work » Needs review
wodenx’s picture

This implements the approach suggested by @fago in #7, and adds @scor's test case from #4. It only addresses the notices, not the blocked user issue, and should apply independently of #17

fago’s picture

Status: Needs review » Fixed

Thanks - #19 looks good to me. Committed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.