Claim access always returns false for anonymous user regardless of permissions.

CommentFileSizeAuthor
entity-claim-link-anonymous-users-false-2642996-1.patch1.04 KBmonstrfolk

Comments

monstrfolk created an issue. See original summary.

nikunjkotecha’s picture

nikunjkotecha
he/him
Primary language Gujarati
Location India, Gujarat, Rajkot
commented
Status: Needs review » Closed (works as designed)

I think this works as designed, we don't want anonymous users to claim anything, they need to register/login.

monstrfolk’s picture

monstrfolk commented

How does the login link get shown to an anonymous user? It never will. If the user does not have a uid then access is always false.

nikunjkotecha’s picture

nikunjkotecha
he/him
Primary language Gujarati
Location India, Gujarat, Rajkot
commented
Status: Closed (works as designed) » Needs work

Seems like the recent changes we made to conditions stopped that, I'll check it thoroughly and ensure it works as before.

There were two things - one: User has access to claim, two: claim is allowed on the entity.

If claim is allowed but user is anonymous, we display login link, if claim is allowed, user is not anonymous - we check user_access too.

monstrfolk’s picture

monstrfolk commented

I think access should return true for anonymous users if authenticated users have access to post claims. This way an add claim link will be shown to anonymous users with a link to the login page.

Hope that makes sense.

monstrfolk’s picture

monstrfolk commented

If claim is allowed but user is anonymous, we display login link if authenticated users can create claims.
if claim is allowed, user is not anonymous - we check user_access too.

nikunjkotecha’s picture

nikunjkotecha
he/him
Primary language Gujarati
Location India, Gujarat, Rajkot
commented

Yep, makes sense. I'm thinking of reworking this and create two functions, one to check claim allowed and other two check user access and ensure it is not dependent on the conditions that we add later while displaying links and use the permission of anonymous user to display login link instead of displaying it by default. I'll also add the description in permission explaining that if allowed to anonymous, it will display the login link.

monstrfolk’s picture

monstrfolk commented

ok...also, look at the other patch i created.

https://www.drupal.org/node/2801535

the code i have in the block follows that logic...

+      if (entity_claim_add_access($entity_type, $entity_wrapper->getIdentifier())) {
+        if (user_is_anonymous()) {
+          $link_options['query'] = array('destination' => $claim_link);
+          $link = l($text, 'user/login', $link_options);
+        }
+        else {
+          $link = l($text, $claim_link, $link_options);
+        }
         $block['content'] = $link;
       }
nikunjkotecha’s picture

nikunjkotecha
he/him
Primary language Gujarati
Location India, Gujarat, Rajkot
commented

Yes, this is in the block. My concern is we are returning TRUE in access check so everywhere we do just access check we will need to handle this than.

monstrfolk’s picture

monstrfolk commented

Yeah....I don't see another way to handle it. I think the only places that need to handle this is in the block link and links in the page of the entity. 2 places?

nikunjkotecha’s picture

nikunjkotecha
he/him
Primary language Gujarati
Location India, Gujarat, Rajkot
commented

In access callback for the menu item to add form

$items['claim/add/%claim_type/%'] = array(
    'title' => 'claim entity',
    'title callback' => 'entity_claim_title_callback',
    'title arguments' => array(2, 3),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('entity_claim_add_form', 2, 3),
    'access callback' => 'entity_claim_add_access',
monstrfolk’s picture

monstrfolk commented

that is a problem.

monstrfolk’s picture

monstrfolk commented

@miteshmap, this issue is related to https://www.drupal.org/node/2801535.

Do you think this is a problem?

Yes, this is in the block. My concern is we are returning TRUE in access check so everywhere we do just access check we will need to handle this than.