The AccessPluginBase class which is extended for Permission Plugins in Views uses the method access() and returns TRUE or FALSE depending upon whether the user should have access to the view.

The return value is cached. That means that it isn't possible to use these plugins on each and every page load to determine whether the user has access or not. Any system which is using external authentication for anonymous traffic and not Drupal's built-in authentication (such as cookies, paywall / content protection systems that poll external APIs) will not function correctly unless the Drupal cache is repeatedly cleared which of course isn't practical.

Is this a bug or is there a way to force the page to call access() every time in the Plugin?

The problem can be reproduced easily - select one of the three built-in permissions (such as None.php) and insert a drupal_set_message('Hello world'); before the Boolean return in access(). Then set up a View to use that permission, clear the cache, and land on the page. You will see the "Hello World" first time but not on subsequent page loads until the cache is cleared again.

Also worth mentioning I am using public function getCacheMaxAge() { return 0; } but it doesn't appear to work.

Comments

badzilla created an issue. See original summary.

badzilla’s picture

badzilla commented
Issue summary: View changes
mustanggb’s picture

mustanggb commented
Project: Views (for Drupal 7) » Drupal core
Version: 8.x-3.x-dev » 8.6.x-dev
Component: Code » views.module
Status: Needs work » Active

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

matiasmiranda’s picture

matiasmiranda
Primary language Spanish
Location Yerba Buena
commented

Your workaround helped me a lot (for now) thanks @badzilla http://www.badzilla.co.uk/drupal-8-views-custom-access-plugin.
following for final solution...

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

fconnolly’s picture

fconnolly commented

any update on this?

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

vivek panicker’s picture

vivek panicker commented

This should be a bug.
I am facing the same issue in Drupal 8.8.10.

vivek panicker’s picture

vivek panicker commented
Version: 9.2.x-dev » 8.8.x-dev
pameeela’s picture

pameeela commented
Version: 8.8.x-dev » 9.2.x-dev

The issue should be against the bug fix branch, and it will be backported where possible.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.0-alpha1 was released on May 6, 2022, which means new developments and disruptive changes should now be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

quietone’s picture

quietone commented
Status: Active » Closed (outdated)
Issue tags: +Bug Smash Initiative

@badzilla, thanks for the report and especially including the steps to reproduce!

I tested this on a fresh install of Drupal 11.x, standard install. I followed the steps in the issue summary and the test message was displayed on every page load. In other words, I can not reproduce this.

Therefor, I am closing this as outdated.