Problem/Motivation

Having the following error after finishing the installation.

Error message
Entity queries must explicitly set whether the query should be access checked or not. See Drupal\Core\Entity\Query\QueryInterface::accessCheck().

Proposed resolution

Have queries over entities changed in the DRD Agent module
With basic accessCheck(FALSE) or pass the needed access check for admins or selected user roles and permissions.

Access checking must be explicitly specified on content entity queries
#2785449: It's too easy to write entity queries with access checks that must not have them

BEFORE

// This gets all articles the current user can view.
$ids = \Drupal::entityQuery('node')
  ->condition('type', 'article')
  ->execute();

// This also gets all articles the current user can view.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(TRUE)
  ->condition('type', 'article')
  ->execute();

// This gets all articles that exist regardless of access.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(FALSE)
  ->condition('type', 'article')
  ->execute();

AFTER

// This will trigger a deprecation error.
$ids = \Drupal::entityQuery('node')
  ->condition('type', 'article')
  ->execute();

// Unchanged: This gets all articles the current user can view.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(TRUE)
  ->condition('type', 'article')
  ->execute();

// Unchanged: This gets all articles that exist regardless of access.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(FALSE)
  ->condition('type', 'article')
  ->execute();

Remaining tasks

  • File an issue
  • Patch/MR
  • Test
  • Review

User interface changes

  • N/A

API changes

  • N/A

Data model changes

  • N/A
CommentFileSizeAuthor
#10 3348413-10.patch442 bytesgeneralredneck
#2 3348413-2.patch778 bytesrajab natshah

Issue fork drd_agent-3348413

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Rajab Natshah created an issue. See original summary.

rajab natshah’s picture

rajab natshah
he/him
commented
StatusFileSize
new 3348413-2.patch778 bytes

Rajab Natshah opened merge request !5

rajab natshah’s picture

rajab natshah
he/him
commented
Status: Active » Needs review
rajab natshah’s picture

rajab natshah
he/him
commented
Issue tags: +Drupal 10 compatibility
jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented
Status: Needs review » Reviewed & tested by the community

This is great, thanks @Rajab Natshah for finding and fixing this.

jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented
Status: Reviewed & tested by the community » Fixed
generalredneck’s picture

generalredneck
him/his
Primary language English
Location Texas, USA 🇺🇸
commented
Status: Fixed » Needs work

@jurgenhass @Rajab Natshan,

This fix causes a fatal

Error: Call to undefined method Drupal\mysql\Driver\Database\mysql\Select::accessCheck() in Drupal\drd_agent\Agent\Remote\Requirements->collect() (line 190 of /app/web/modules/contrib/drd_agent/src/Agent/Remote/Requirements.php).

The addition of accesscheck was too liberal. accesscheck doesn't exist on a this->database->select() query.

This can be reproduced by adding a new core in a drd dashboard and authorizing the remote. Afterward this manifests on the dashboard as "Remote instance does not support DRD."

generalredneck’s picture

generalredneck
him/his
Primary language English
Location Texas, USA 🇺🇸
commented
Status: Needs work » Needs review
StatusFileSize
new 3348413-10.patch442 bytes

Couldn't figure out how to add a second MR to this Issue through the existing issue fork... So here's a patch.

  • jurgenhaas committed 89499e2f on 4.0.x 
    Issue #3348413 by Rajab Natshah, generalredneck, jurgenhaas: Fix Entity...
jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented
Status: Needs review » Fixed

Merged patch from #10

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.