Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Summary
We have many references to employees on various nodes. When an employee no longer works they are obviously blocked. This causes them to disappear completely off of the view of the nodes. This is different from the behavior of other drupal aspects in that users are still able to see their names, just not click in and view their profiles. With the target_id being removed completely, there is no way to even just display the users name for historical purposes.
Thoughts
Not sure what the best approach to this is. It is great that there are access checks, and I think this definitely applies in the case of nodes, in that you probably don't want even titles showing up. In our case we have modified the access control check and to always attach the user, regardless of access checks.
This seems to be congruent with other aspects of drupal, as comments that these users have left continue to show their name (even with link) as default by drupal, and then you get the access denied error when clicking on the name.
I think users should always be attached regardless of what entity_access returns.
A more complex alternative might be additional settings when setting the display of the node that allows users to select whether to run access checks before attaching the entity. Again this could be useful for other entities if you wanted to say just show the title. Even better if we are going crazy would be to have different display properties for nodes with access and those without. This would allow the user to Link to node if they have access or just show title if they do not.
Workaround
We got around the problem by simply bypassing the checks altogether for users. Again this seems to behave like drupal core with this in in that the user shows up with link but then get access denied when clicking on the link if uid is not 1.
entityreference.module
foreach ($items[$id] as $delta => $item) {
// Check whether the referenced entity could be loaded and that the user has access to it.
if (isset($target_entities[$item['target_id']]) && ($field['settings']['target_type'] == 'user' || entity_access('view', $field['settings']['target_type'], $target_entities[$item['target_id']]))) {
// Replace the instance value with the term data.
$items[$id][$delta]['entity'] = $target_entities[$item['target_id']];
}
// Otherwise, unset the instance value, since the entity does not exists or should not be accessible.
else {
unset($items[$id][$delta]);
$rekey = TRUE;
}
}
Comments
Comment #1
lsolesen CreditAttribution: lsolesen commentedTried with latest dev?
Comment #2
joachim CreditAttribution: joachim commentedRelated issue: #1984130: referenced users output with the 'Label' formatter are not shown to users without the 'view user profiles' permission.
Comment #3
ArVar CreditAttribution: ArVar as a volunteer commentedComment #4
ArVar CreditAttribution: ArVar as a volunteer commented