By star-szr on
Change record status: 
Published (View all published change records)
Project: 
Drupal core
Introduced in branch: 
8.x, 7.x
Introduced in version: 
7.15
Issue links: 
https://www.drupal.org/node/1302228
Description: 

A DANGEROUS_ACCESS_CHECK_OPT_OUT query tag has been added to EntityFieldQuery to allow bypassing access checks. Previously, queries executed through EntityFieldQuery would always be altered by the node access system, potentially causing unexpected behaviour and data loss.

If you need to bypass access checks in an internal query within your module's API, you may add this tag, but you should only do so if it is necessary. If this query tag is added to a query whose results will be displayed to the user, it will bypass all access checks, potentially exposing sensitive information.

function MYMODULE_field_query($field) {
  $query = new EntityFieldQuery();
  return $query
    ->fieldCondition($field)
    ->addTag('DANGEROUS_ACCESS_CHECK_OPT_OUT')
    ->execute();
}
Impacts: 
Module developers
Updates Done (doc team, etc.)
Online documentation: 
Not done
Theming guide: 
Not done
Module developer documentation: 
Not done
Examples project: 
Not done
Coder Review: 
Not done
Coder Upgrade: 
Not done
Other: 
Other updates done

Comments

sriharsha.uppuluri’s picture

sriharsha.uppuluri commented

In Drupal 8 the same thing can be achieved by using $query->accessCheck(FALSE);