We're having an Entity Reference problem over in Views that may need a bit of nudging on the definitions in SelectionInterface. Hopefully this doesn't get too pedantic. This is right at the limit of my comprehension level for entity reference, so if I've misrepresented the problem, please correct me. See related issue 2714089 for context.

Drupal\Core\Entity\EntityReferenceSelection\SelectionInterface has the following definition for getReferencableEntities:

  /**
   * Gets the list of referenceable entities.
   *
   * @return array
   *   A nested array of entities, the first level is keyed by the
   *   entity bundle, which contains an array of entity labels (escaped),
   *   keyed by the entity ID.
   */
  public function getReferenceableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 0);

The problem for the views developers is that the definition of "entity labels" here is deemed too rigid. There's a request for Entity Reference to be able to use an Entity Reference View to be able to return labels that are not the labels defined by the entity, but rather arbitrary labels by the Entity Reference View.

Specifically, it's forbidden for Drupal\views\Plugin\EntityReferenceSelection\ViewsSelection::getReferencableEntites to return an arbitrary label, because SelectionInterface::getReferenceableEntities says it must return "entity labels".

My read on is is that there are two paths to resolving this:

1) The definition of SelectionInterface::GetReferencableEntities was never intended to be that strict. "Entity labels" means "labels that most of the time are attached to entities", and modules should be able to return what labels they please.

2) SelectionInterface::GetReferencableEntities was defined as intended, and ViewSelection is overstepping its bounds by implying that an Entity Reference View can return arbitrary labels. Developers instead should be looking to modify Label Callbacks instead of trying to create a view to return labels.

CommentFileSizeAuthor
#6 2768901-6.patch813 byteslendude

Comments

TrevorBradley created an issue. See original summary.

trevorbradley’s picture

trevorbradley CreditAttribution: trevorbradley commented
Related issues: +#2714089: Views Filter by an entity reference view not working as expected
amateescu’s picture

amateescu CreditAttribution: amateescu for Pfizer, Inc. commented

SelectionInterface::getReferencableEntities() was indeed not meant to be that strict on the return values. Let's just remove the 'entity' part and say that we return labels.

lendude’s picture

lendude
Primary language Dutch
Location Amsterdam
CreditAttribution: lendude at Noctilaris commented

Should we also specify if the label can contain HTML? Or that it needs to be sanitised before returning it?

amateescu’s picture

amateescu CreditAttribution: amateescu for Pfizer, Inc. commented

Yes, let's specify that the label may contain HTML and we already say that the returned labels are escaped.

lendude’s picture

lendude
Primary language Dutch
Location Amsterdam
CreditAttribution: lendude at Noctilaris commented
Status: Active » Needs review
StatusFileSize
new 2768901-6.patch813 bytes

already say that the returned labels are escaped

Well I think it might help to clearly state that the labels need to be escaped. So how about something like this?

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

berdir’s picture

berdir
Primary language German
Location Switzerland
CreditAttribution: berdir at MD Systems GmbH commented
Title: Entity Reference: Definition of SelectionInterface::getReferenceableEntities too restrictive, doesn't allow for alternate "non-entity" labels » Documentation of SelectionInterface::getReferenceableEntities too restrictive, doesn't allow for alternate "non-entity" labels
Status: Needs review » Reviewed & tested by the community

That looks OK to me. Not sure if this is a feature or task or what exactly :) Changing issue title a bit to clarify that it is "just" a documentation change.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Chapter Three commented
Status: Reviewed & tested by the community » Needs work 
+++ b/core/lib/Drupal/Core/Entity/EntityReferenceSelection/SelectionInterface.php
@@ -19,8 +19,8 @@
+   *   Labels may contain escaped HTML.

I think the intention here is to say that the labels are trusted and therefore should be safe for html output. Or maybe because these are used in select lists html is just a big no-no - looking at the implementations.

trevorbradley’s picture

trevorbradley CreditAttribution: trevorbradley commented

In the context of my original post, these labels were being used in an autocomplete and I needed them sanitized.

I'd have been more than happy to ensure they were sanitized myself though.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.6 was released on February 1, 2017 and is the final full bugfix release for the Drupal 8.2.x series. Drupal 8.2.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.3.0 on April 5, 2017. (Drupal 8.3.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.3.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.6 was released on August 2, 2017 and is the final full bugfix release for the Drupal 8.3.x series. Drupal 8.3.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.4.0 on October 4, 2017. (Drupal 8.4.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.4.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.4 was released on January 3, 2018 and is the final full bugfix release for the Drupal 8.4.x series. Drupal 8.4.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.5.0 on March 7, 2018. (Drupal 8.5.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.5.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.6 was released on August 1, 2018 and is the final bugfix release for the Drupal 8.5.x series. Drupal 8.5.x will not receive any further development aside from security fixes. Sites should prepare to update to 8.6.0 on September 5, 2018. (Drupal 8.6.0-rc1 is available for testing.)

Bug reports should be targeted against the 8.6.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.8.x-dev

Drupal 8.6.x will not receive any further development aside from security fixes. Bug reports should be targeted against the 8.8.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.9.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.7 was released on June 3, 2020 and is the final full bugfix release for the Drupal 8.8.x series. Drupal 8.8.x will not receive any further development aside from security fixes. Sites should prepare to update to Drupal 8.9.0 or Drupal 9.0.0 for ongoing support.

Bug reports should be targeted against the 8.9.x-dev branch from now on, and new development or disruptive changes should be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.2.x-dev

Drupal 8 is end-of-life as of November 17, 2021. There will not be further changes made to Drupal 8. Bugfixes are now made to the 9.3.x and higher branches only. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.15 was released on June 1st, 2022 and is the final full bugfix release for the Drupal 9.3.x series. Drupal 9.3.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.4.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.9 was released on December 7, 2022 and is the final full bugfix release for the Drupal 9.4.x series. Drupal 9.4.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.5.x-dev branch from now on, and new development or disruptive changes should be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave at Mobomo commented
Status: Needs work » Postponed (maintainer needs more info)
Issue tags: +stale-issue-cleanup

Thank you for sharing your idea for improving Drupal.

We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

Thanks!