I got 'Access denied for entity.' message when I make /router/translate-path?path=/my_webform request. This because the module is checking for $entity->access('view', NULL, TRUE). But for webform entity I must give some administer permissions to anonymous for entity access permission: https://www.drupal.org/project/webform/issues/2956771 .

I suggest that checking view access should be done only for entities which is instance of ContentEntityType. For webform entities I get webform uuid and rest link like /jsonapi/webform/webform/[UUID] and this link got 403 error. So /router/translate-path?path=/my_webform don't send any unrestricted access data but frontend don't have 403 error.

We can make a variant with a configuration form in which to specify a list of entities for which you do not check view access.

Now the module returns error 403 for links to web forms for anonymous users, although in fact anonymous users have access to web forms. This situation breaks the frontend system, so I consider this a module error.

CommentFileSizeAuthor
#11 decoupled_router-fix_webform_trans_path-3090119-11.patch1.75 KBz3cka
#10 decoupled_router-fix_webform_trans_path-3090119-10.patch1.75 KBz3cka
#5 decoupled_router-3090119-5.patch1.75 KBgoodboy
#4 decoupled_router-3090119-4.patch1.38 KBgoodboy
#3 decoupled_router-3090119-3.patch1.36 KBgoodboy
decoupled_router-webform_check.patch1.37 KBgoodboy

Issue fork decoupled_router-3090119

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

goodboy created an issue. See original summary.

goodboy’s picture

goodboy commented
goodboy’s picture

goodboy commented
StatusFileSize
new decoupled_router-3090119-3.patch1.36 KB
goodboy’s picture

goodboy commented
StatusFileSize
new decoupled_router-3090119-4.patch1.38 KB
goodboy’s picture

goodboy commented
StatusFileSize
new decoupled_router-3090119-5.patch1.75 KB
goodboy’s picture

goodboy commented
Version: 8.x-1.11 » 8.x-1.x-dev
Category: Task » Bug report
Issue summary: View changes

z3cka made their first commit to this issue’s fork.

z3cka opened merge request !2

z3cka’s picture

z3cka commented
Version: 8.x-1.x-dev » 2.x-dev

I made a MR from the patch from #5 but adapted it for the `2.x` branch: https://git.drupalcode.org/project/decoupled_router/-/merge_requests/2

I tested this with Drupal 9.2.3. Please have a look.

z3cka’s picture

z3cka commented
StatusFileSize
new decoupled_router-fix_webform_trans_path-3090119-10.patch1.75 KB

and for those that like patches

z3cka’s picture

z3cka commented
Version: 2.x-dev » 2.0.2
StatusFileSize
new decoupled_router-fix_webform_trans_path-3090119-11.patch1.75 KB

And here's a patch for the current version `2.0.2`, as that's what I'm using right now.

e0ipso made their first commit to this issue’s fork.

  • e0ipso committed 02e8e43 on 2.x authored by z3cka 
    Issue #3090119 by goodboy, z3cka: Can't get info for webform entities
e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
Status: Needs review » Fixed

Thanks for contributing! Sorry it took this long.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.