commit 0b273e947fd290bc50ce758ca54437210f95cc41
Author: Daniel Wehner <daniel.wehner@erdfisch.de>
Date: Sun Aug 28 16:54:17 2011 +0200
#1222324 by dereine: Apply access tags of relationships to the query
diff --git a/handlers/views_handler_relationship.inc b/handlers/views_handler_relationship.inc
index 3b5c9fa..6bd54b3 100644
--- a/handlers/views_handler_relationship.inc
+++ b/handlers/views_handler_relationship.inc
@@ -123,6 +123,12 @@ class views_handler_relationship extends views_handler {
$alias = $def['table'] . '_' . $this->table;
$this->alias = $this->query->add_relationship($alias, $join, $this->definition['base'], $this->relationship);
+
+ // Add access tags if the base table provide it.
+ if (empty($this->query->options['disable_sql_rewrite']) && isset($table_data['table']['base']['access query tag'])) {
+ $access_tag = $table_data['table']['base']['access query tag'];
+ $this->query->add_tag($access_tag);
+ }
}
We create a line item view. We add a relationship to an order.
Then Views adds both the query tag for line items, and the query tag for orders.
The query tag for line items already handles the access for orders, calling commerce_entity_access_query_alter() for commerce_order
with the appropriate base table. The problem is in the second, extra tag that now gets added.
In that case, commerce_entity_access_query_alter() gets called for commerce_order, but without the base table specified.
So the base views table gets taken instead, leading to a condition on "commerce_line_item.uid" instead of "commerce_order.uid", which fails because line items don't have a uid column.
Comment | File | Size | Author |
---|---|---|---|
#5 | 1323366-exception.patch | 2.05 KB | bojanz |
#3 | 1323366.patch | 742 bytes | bojanz |
#1 | 1323366.patch | 1.95 KB | bojanz |
Comments
Comment #1
bojanz CreditAttribution: bojanz commentedThis is a quick fix I did to keep a client site running. Basically checks if the detected base table matches the base table for the specified entity type, aborts if it doesn't.
This seems like something we should fix before Commerce 1.1
Comment #2
bojanz CreditAttribution: bojanz commentedLooks like this will get fixed in Views: http://drupal.org/node/1222324#comment-5169140
Leaving the issue here for now, for visibility.
Comment #3
bojanz CreditAttribution: bojanz commentedOkay, Damien provided a proper Views patch that fixes the main problem.
What remains to be done in Commerce is making it search for "base_table" instead of "base table" in the query metadata (which is the key that Drupal core, Entityreference, and Views use). It's basically a typo fix.
Attaching the patch. Can be committed right away.
Comment #4
Damien Tournoud CreditAttribution: Damien Tournoud commentedMerged #3 into 7.x-1.x. Do we want to add an exception in the case we fail to detect a base table that matches ours?
Comment #5
bojanz CreditAttribution: bojanz commentedOkay, so we agreed to do a patch that compares $base_table with $entity_info['base table'], throws an exception if they don't match.
That way if we don't trip up someone who tries to use the access system incorrectly.
To be committed once the fix lands into Views, so that we can tell people what to update.
Comment #6
rszrama CreditAttribution: rszrama commentedWait a minute... does this solve #1276450: Views results empty for unprivileged user when using Relationship: Content: Referenced Product?
Comment #7
bojanz CreditAttribution: bojanz commented#1 should, in all its hackiness.
Comment #8
rszrama CreditAttribution: rszrama commentedBut not #5?
Comment #9
bojanz CreditAttribution: bojanz commentedNo, #5 will throw an exception.
Comment #10
rcross CreditAttribution: rcross commentedis there anything else we can do to move this along? I'm surprised I've seen 2 releases of commerce without this being fixed. I'm not sure if #1276450: Views results empty for unprivileged user when using Relationship: Content: Referenced Product is a duplicate or this, but either way these are major issues.
Comment #11
rszrama CreditAttribution: rszrama commentedAs it turns out, we actually had a note in commerce_entity_access_query_alter() placing the onus on the caller of the function to ensure the first table in the tables list is the base table for the entity type given if a base table is not passed in as the third argument. We simply weren't obeying our own instructions in commerce_order_query_commerce_order_access_alter(). Thanks to some work in #1879260: More robust query altering for line items, I applied a fix in the latter function there that searches through the tables list to find the commerce_order table and passes in the proper alias to commerce_entity_access_query_alter(). In the event that it can't find one, it will simply not do anything, which would actually be fine in the core use cases where the conditions have already been added anyways.
Closing this one as a duplicate unless anyone has an edge case I'm missing that they think requires this to be re-opened.