Problem/Motivation

The UserAccessControllHandler::checkFieldAccess() method has a $explicit_check_fields array. This is meant to be used to blacklist fields, like password from the general admin permission. However, This is currently:

    $explicit_check_fields = array(
      'password',
    );

Oops, we don't have a field called 'password', but we do have one called 'pass'.

Proposed resolution

Change this to the correct 'pass' field name, and amend UserAccessControlHandlerTest to reflect this.

Get confirmation this IS a bug and that current tests are just playing into the hands of this bug, with the values modified to make the tests pass...?

Remaining tasks

Review of above

User interface changes

N/A

API changes

N/A

CommentFileSizeAuthor
d8.user-pass-field-access.patch1.27 KBdamiankloip

Comments

berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Needs review » Reviewed & tested by the community

Yes, confirmed, definitely wrong.

Tests were wrong, we can't have tests for our tests, so I don't think there's something left to do here?

damiankloip’s picture

damiankloip commented

Indeed, if we start testing our tests then we will never get D8 out of the door :)

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Fixed

Committed 5b06c5b and pushed to 8.0.x. Thanks!

  • alexpott committed 5b06c5b on 8.0.x 
    Issue #2388707 by damiankloip: UserAccessControlHandler has wrong $...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.