Referencing ECK with Inline Entity Form (IEF) to the node leads to the problem for the users that don't have administrator permissions. Although permissions are set to edit, on node editing the eck entity will not be shown. Creating works fine.

Since the standard operations of Access Control are view, update, delete and create, I think that the solution will be to switch from "edit" to "update". The patch should resolve this issue.

CommentFileSizeAuthor
#8 access_control-2765293-8.patch737 bytesvolkerk
#2 access_control-2765293-1.patch972 byteslulbina
0001-Fix-access-control.patch972 byteslulbina

Comments

lulbina created an issue. See original summary.

lulbina’s picture

lulbina commented
StatusFileSize
new access_control-2765293-1.patch972 bytes
lulbina’s picture

lulbina commented
Issue summary: View changes
legolasbo’s picture

legolasbo
he/him
Primary language Dutch
Location Middelburg
commented
Status: Active » Needs review

Let's see what testbot thinks

Status: Needs review » Needs work

The last submitted patch, 2: access_control-2765293-1.patch, failed testing.

legolasbo’s picture

legolasbo
he/him
Primary language Dutch
Location Middelburg
commented
Issue tags: -access permissions, -permissions, -update, -edit, -access control +Needs tests

Thanks for reporting this issue with an accompanying patch.

Before discussing the patch I would like to give you some feedback on the use of the issue queue.

  • Please use issue tags sparingly to indicate remaining steps et cetera as outlined in the issue tag guidelines
  • I see you've assigned the issue to yourself. This indicates that you are currently working on the issue and will usually result in other people ignoring the issue.
  • Always make sure you set the issue status to "Needs review" when you upload a patch to trigger automated testing of the patch. That way we can make sure at least no existing (and tested) functionality breaks before actually reviewing the patch.

As for your patch itself: it seems like a simple and sane solution, I would however like to see a failing test demonstrating this problem, which is then solved by your patch before committing this.

The last submitted patch, 2: access_control-2765293-1.patch, failed testing.

volkerk’s picture

volkerk commented
Status: Needs work » Needs review
StatusFileSize
new access_control-2765293-8.patch737 bytes

I would take a different approach, operation 'update' is handled by 'edit ..' permission, see node module implementation:
https://api.drupal.org/api/drupal/core%21modules%21node%21node.module/fu...

volkerk’s picture

volkerk commented
Assigned: lulbina » Unassigned

  • legolasbo committed f1ad2c0 on 8.x-1.x authored by volkerk 
    Issue #2765293 by lulbina, volkerk: Access Control: Permission missmatch...
legolasbo’s picture

legolasbo
he/him
Primary language Dutch
Location Middelburg
commented
Status: Needs review » Fixed
Issue tags: -Needs tests

After reviewing the issue a little deeper I've come to the conclusion that it would be difficult to add tests for this. Patch #8 seems fine to me.

Committed and pushed to 8.x-1.x. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.