Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Several places in the module use this pattern for access checks:
// Only allow access if the user can create group content using the
// provided plugin or if he doesn't need access to do so.
return AccessResult::allowedIf($access xor !$needs_access);
Why deny access if both apply?
If the user doesn't need access to be checked, then surely it shouldn't matter if the access check has passed?
Comment | File | Size | Author |
---|---|---|---|
#2 | access_check_xor-2872371-2.patch | 1.21 KB | LOBsTerr |
|
Comments
Comment #2
LOBsTerr CreditAttribution: LOBsTerr at European Commission and European Union Institutions, Agencies and Bodies commentedI agree it should be xor