Problem/Motivation

The hook_entity_create_access() is not useful when the access should be determined for a specific bundle.

Proposed resolution

The #2204363: [sechole] Returning TRUE from hook_entity_access()/hook_ENTITYTYPE_access() must not bypass EntityAccessController::checkAccess() solves this problem partially by providing the entity_create_access alter hook, where also the entity_bundle info is passed in. So the changes for the createAccess() method should fix this issue. However I am not sure what to do with the remaining hooks because I believe the bundle info should be passed in as well.

Remaining tasks

Implement

User interface changes

-

API changes

Introduction of alter hooks for entity/ENTITY_TYPE_create_access().

CommentFileSizeAuthor
#6 2321341-bundle_info_for_entity_access_hooks-6.patch4.23 KBblueminds
#5 2321341-bundle_info_for_entity_access_hooks-4.patch3.79 KBblueminds
#1 2321341-bundle_info_for_entity_access_hooks-1.patch2.74 KBblueminds

Comments

blueminds’s picture

blueminds commented
Status: Active » Needs review
StatusFileSize
new 2321341-bundle_info_for_entity_access_hooks-1.patch2.74 KB

So for the moment only the extracted part from the above mentioned issue. Please provide info if it is appropriate to also pass in the bundle info for the access hooks.

Also I think it will need a change record? and definitely documentation update.

Status: Needs review » Needs work

The last submitted patch, 1: 2321341-bundle_info_for_entity_access_hooks-1.patch, failed testing.

berdir’s picture

berdir
Primary language German
Location Switzerland
commented

The patch now also includes the default/check access method rename and the alter hook, which currently doesn't exist. Let's limit this to nothing but the hook arguments change, also remember to update the hook documentation.

Status: Needs work » Needs review

cbr queued 1: 2321341-bundle_info_for_entity_access_hooks-1.patch for re-testing.

blueminds’s picture

blueminds commented
StatusFileSize
new 2321341-bundle_info_for_entity_access_hooks-4.patch3.79 KB

Updating the patch to only add the entity_bundle parameter to the hooks.

blueminds’s picture

blueminds commented
StatusFileSize
new 2321341-bundle_info_for_entity_access_hooks-6.patch4.23 KB

Updated the hook arguments - passing in the context instead the langcode only.

The last submitted patch, 1: 2321341-bundle_info_for_entity_access_hooks-1.patch, failed testing.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs review » Needs work 
+++ b/core/modules/system/entity.api.php
@@ -571,7 +575,7 @@ function hook_ENTITY_TYPE_access(\Drupal\Core\Entity\EntityInterface $entity, $o
+function hook_entity_create_access(\Drupal\Core\Session\AccountInterface $account, array $context, $entity_bundle) {

The createAccess method on the access control handler has the following signature: public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array()) { I think a little bit more symmetry would be really ncie!

berdir’s picture

berdir
Primary language German
Location Switzerland
commented

Yeah, but this is the same as checkCreateAccess() :)

Let's unify all to the same, then.. and probably easier to change the hook + check method than the public API.

dawehner’s picture

dawehner
Primary language German
commented
Status: Needs work » Reviewed & tested by the community

OH, I haven't realized that.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Fixed

Need to update https://www.drupal.org/node/2095227

Committed bf28ded and pushed to 8.0.x. Thanks!

  • alexpott committed bf28ded on 8.0.x 
    Issue #2321341 by blueminds: Fixed EntityAccessControlHandler::...
berdir’s picture

berdir
Primary language German
Location Switzerland
commented

Added the new argument to the change record, thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.