Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
See parent issue #3200985: [meta] Fix undesirable access checking on entity query usages for context and test coverage policy. This issue is major because it blocks #2785449: It's too easy to write entity queries with access checks that must not have them.
The MenuLinkContentDeriver::getDerivativeDefinitions uses an entity query that implicitly checks access for the current user, when it should not.
Issue fork drupal-3204138
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
jonathanshawI suggest that under the parent issue's test coverage policy it is acceptable for this not to have test coverage, because it would require unusual customisations to encounter and it's more important to progress the blocked issue.
Comment #4
jonathanshawComment #5
longwaveThis seems to be the only entity query for menu_link_content. Agree that the deriver should not perform any access checks, and that test coverage is non trivial to write and probably unnecessary here.
Comment #8
catchCommitted/pushed to 9.2.x and cherry-picked to 9.1.x, thanks!