EntityQuery accessCheck: aggregator module [#3203369]

See parent issue #3200985: [meta] Fix undesirable access checking on entity query usages for context and test coverage policy.

The aggregator module uses entity queries in many places that implicitly check access, but this is probably not intended.

Issue fork drupal-3203369

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3203369-entityquery-accesscheck-aggregator changes, plain diff MR !420
Check out this branch

About issue forks

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

13 March 2021 at 09:44

jonathanshaw created an issue. See original summary.

Comment #2

13 March 2021 at 09:53

jonathanshaw opened merge request !420

Comment #3

jonathanshaw

English

Stroud, UK

CreditAttribution: jonathanshaw commented 13 March 2021 at 09:53

Title:

EntityQuery accessCheck: aggregator module checks access in many places

» EntityQuery accessCheck: aggregator module

Comment #4

jonathanshaw

English

Stroud, UK

CreditAttribution: jonathanshaw commented 13 March 2021 at 09:54

Priority:

Normal

» Major

Major because it blocks #2785449: It's too easy to write entity queries with access checks that must not have them

Comment #5

jonathanshaw

English

Stroud, UK

CreditAttribution: jonathanshaw commented 13 March 2021 at 11:27

Status:

Active

» Needs review

Comment #6

andypost

he/him

Russian

CreditAttribution: andypost as a volunteer and at Skilld commented 26 March 2021 at 03:43

Status:

Needs review

» Reviewed & tested by the community

As all this places are used to work without access checks, if someone will add access checks the decoration of storage will be required

Comment #7

26 March 2021 at 09:30

catch committed cb74339 on 9.2.x

Issue #3203369 by jonathanshaw, andypost: EntityQuery accessCheck:...

Comment #8

26 March 2021 at 09:30

catch committed 8720966 on 9.1.x

Issue #3203369 by jonathanshaw, andypost: EntityQuery accessCheck:...

Comment #9

catch

he/him

English

CreditAttribution: catch at Third and Grove commented 26 March 2021 at 09:31

Version:	9.2.x-dev	» 9.1.x-dev
Status:	Reviewed & tested by the community	» Fixed

Patch looks good, and agreed we don't need explicit test coverage here because query access on aggregator feeds is an extreme edge case.

Comment #10

9 April 2021 at 09:34

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

EntityQuery accessCheck: aggregator module

Issue fork drupal-3203369

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Comment #10

Parent issue

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community