See parent issue #3200985: [meta] Fix undesirable access checking on entity query usages for context and test coverage policy.

Taxonomy's TermStorage and VocabularyStorage contain helper methods to get terms by their hierachical position. These methods use entity queries that check access. Whether or not they should do this is debatable, but has tricky backwards compatability questions and is not in scope for this issue: see #2938848: TermStorage::loadParents()/getChildren()/getTree() need an option to specify accessCheck(FALSE).

This issue simply makes explicit the currently implicit accessCheck, in order to unblock the parent issue. Priority is major as this blocks #2785449: It's too easy to write entity queries with access checks that must not have them.

Issue fork drupal-3207477

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jonathanshaw created an issue. See original summary.

jonathanshaw opened merge request !507

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost as a volunteer and at Skilld commented
Status: Active » Reviewed & tested by the community

I see no other places to fix in the module

  • catch committed 90f67d0 on 9.2.x 
    Issue #3207477 by jonathanshaw: EntityQuery accessCheck: taxonomy...
catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch at Third and Grove commented
Status: Reviewed & tested by the community » Fixed

Committed 90f67d0 and pushed to 9.2.x. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.