use of xor in access checks? [#2872371]

Several places in the module use this pattern for access checks:

    // Only allow access if the user can create group content using the
    // provided plugin or if he doesn't need access to do so.
    return AccessResult::allowedIf($access xor !$needs_access);

Why deny access if both apply?
If the user doesn't need access to be checked, then surely it shouldn't matter if the access check has passed?

Comment	File	Size	Author
#2	access_check_xor-2872371-2.patch	1.21 KB	LOBsTerr
#2	8.x-1.x: PHP 5.5 & MySQL 5.5, D8.7 119 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

24 April 2017 at 13:42

joachim created an issue. See original summary.

Comment #2

LOBsTerr CreditAttribution: LOBsTerr at European Commission and European Union Institutions, Agencies and Bodies commented 4 March 2019 at 14:53

Status:

Active

» Needs review

File	Size
access_check_xor-2872371-2.patch	1.21 KB
8.x-1.x: PHP 5.5 & MySQL 5.5, D8.7 119 pass

I agree it should be xor

use of xor in access checks?

Comments

Comment #1

Comment #2

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community