Problem/Motivation

When stepping through code for #2958568: Add a search api processor for view unpublished I stumbled upon the code in \Drupal\search_api\Plugin\search_api\processor\ContentAccess::preprocessSearchQuery(), and I have to say that the flow doesn't make sense.

Here's the current code:

  public function preprocessSearchQuery(QueryInterface $query) {
    if (!$query->getOption('search_api_bypass_access')) {
      $account = $query->getOption('search_api_access_account', $this->getCurrentUser());
      if (is_numeric($account)) {
        $account = User::load($account);
      }
      if ($account instanceof AccountInterface) {
        $this->addNodeAccess($query, $account);
      }
      else {
        $account = $query->getOption('search_api_access_account', $this->getCurrentUser());
        if ($account instanceof AccountInterface) {
          $account = $account->id();
        }
        if (!is_scalar($account)) {
          $account = var_export($account, TRUE);
        }
        $this->getLogger()->warning('An illegal user UID was given for node access: @uid.', ['@uid' => $account]);
      }
    }
  }

So, in English:

  1. Load the current user from either the 'search_api_bypass_access' query option or the current user context.
  2. If the loaded account value is numeric, replace it with an account object.
  3. If the loaded account value is a user account, add node access checks.
  4. If the loaded account value is not a user account:
    1. Load the current user from either the 'search_api_bypass_access' query option or the current user context.
    2. If the loaded account value is a user account, get its ID.
    3. If the loaded account value is not an scalar value, dump it to human-readable format.
    4. Log a warning.

The parts that don't make sense are italicized/emphasized. The only way flow can get into that block is if the loaded user isn't a user account, so it doesn't make any sense to try to load it again and check if it's a user account.

Am I missing anything?

Steps to reproduce

Open \Drupal\search_api\Plugin\search_api\processor\ContentAccess::preprocessSearchQuery() for editing.

Proposed resolution

Remove the parts that don't make sense/could not possibly apply.

Remaining tasks

CommentFileSizeAuthor
#4 3315269-4--fix_wonky_error_handling_code_in_ContentAccess.patch776 bytesdrunken monkey
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

GuyPaddock created an issue. See original summary.

GuyPaddock’s picture

GuyPaddock CreditAttribution: GuyPaddock at Inveniem commented
Issue summary: View changes
GuyPaddock’s picture

GuyPaddock CreditAttribution: GuyPaddock at Inveniem commented
Issue summary: View changes
drunken monkey’s picture

drunken monkey
he/him
Primary language German
Location Vienna, Austria
CreditAttribution: drunken monkey as a volunteer commented
Status: Active » Needs review
FileSize
3315269-4--fix_wonky_error_handling_code_in_ContentAccess.patch776 bytes

Thanks for reporting this issue!
You’re right, the second $account instanceof AccountInterface check is definitely unnecessary, there is really no way that could happen. However, we do need to reload $account again from the option, as $account could be NULL at that point if the option contains an unknown user ID. Defaulting to the current user again, on the other hand, probably doesn’t make much sense.

Patch attached, please review!

  • drunken monkey committed 1bc47909 on 8.x-1.x 
    Issue #3315269 by drunken monkey, GuyPaddock: Fixed illogical error...
drunken monkey’s picture

drunken monkey
he/him
Primary language German
Location Vienna, Austria
CreditAttribution: drunken monkey as a volunteer commented
Status: Needs review » Fixed

Merged. Thanks again!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.