Closed (fixed)
Project:
Drupal core
Version:
9.1.x-dev
Component:
comment.module
Priority:
Major
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
11 Apr 2021 at 18:56 UTC
Updated:
28 Apr 2021 at 14:34 UTC
Jump to comment: Most recent
Comments
Comment #2
jonathanshawComment #4
jonathanshawI suggest that under the parent issue's test coverage policy it is acceptable for this not to have test coverage, because it would require unusual customisations to encounter, and it's more important to progress the blocked issue.
Comment #5
jonathanshawComment #6
longwaveThis one seems pretty obvious that we shouldn't be checking access when explicitly deleting all comments belonging to a user.
Comment #9
catchI had to think about test coverage for a bit - access to comments can be restricted via node access, but this only happens in the comment selection handler (which is hard-coded) and via entity access checks to the commented entity, not via altering comment entity queries. So if we added special handling to comment queries it might happen, but in practice we don't, and that's not worth holding up the many other dozens of critical bugs in contrib that will be fixed by the parent issue.
Committed/pushed to 9.2.x and cherry-picked to 9.1.x, thanks!