Problem/Motivation
#2852116: Implement access control handler for library items is going to introduce an access control handler for paragraphs_library_item entity type. The basic idea is to forward the access check to the referenced entity/paragraph.
The problem with this approach appears in ParagraphAccessControllerHandler::checkAccess()
as it tries to check the access of the parent entity. In this case, the parent entity is paragraphs_library_item
.
Proposed resolution
As a (quick) fix, ParagraphAccessControllerHandler::checkAccess()
should skip the parent access check for paragraphs_library_item
entities and fallback to neutral access?
Remaining tasks
User interface changes
API changes
Data model changes
Comment | File | Size | Author |
---|---|---|---|
#6 | do_not_check_parent-2854223-6-interdiff.txt | 890 bytes | mbovan |
#6 | do_not_check_parent-2854223-6.patch | 1.53 KB | mbovan |
#4 | do_not_check_parent-2854223-4-interdiff.txt | 1.61 KB | mbovan |
#4 | do_not_check_parent-2854223-4.patch | 1.53 KB | mbovan |
#2 | do_not_check_parent-2854223-2.patch | 1.25 KB | mbovan |
Comments
Comment #2
mbovan CreditAttribution: mbovan at MD Systems GmbH commentedSkipping parent's entity access check for library items.
Comment #3
Berdirthe logic here is strange, in one case you return and then in else define an object that use after the if.
You can inver this with creating $access_result, if (not library) { call and add parent check} and then return.
Also, either the patch is drunk or we have a dead return line below that can be removed?
Comment #4
mbovan CreditAttribution: mbovan at MD Systems GmbH commentedRefactored the code.
This applies when there is no parent entity.
Comment #5
BerdirI think that's just "for parent entity access check" (ing?). The parent is the entity, parent's entity sounds like the entity of the parent.
Can be fixed on commit.
Comment #6
mbovan CreditAttribution: mbovan at MD Systems GmbH commentedRight, fixed the comment in here.
RTBC can still apply, but changing to "Needs review" as I can't RTBC myself. :)
Comment #7
BerdirComment #9
miro_dietikerUgly, but committed. :-)