See parent issue #3200985: [meta] Fix undesirable access checking on entity query usages for context and test coverage policy. This issue is major because it blocks #2785449: It's too easy to write entity queries with access checks that must not have them.
MediaRevisionAccessCheck has a helper method countDefaultLanguageRevisions that is used to check whether the default revision is the only revision. It uses an entity query that checks access to the other revisions, but it does not intend to.
Issue fork drupal-3204389
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #3
jonathanshawThis is a funny one, as in an access checker we'd expect to want queries to be access sensitive. But the checkAccess() method suggests that countDefaultLanguageRevisions is used only to do a fast bypass if there is only a single revision, it's a performance optimisation rather a fundamental part of the access logic.
Unfortunately the comment seems to be mis-stated: actually if the ids are different, that's when additional checking is needed.
I suggest that under the parent issue's test coverage policy it is acceptable for this not to have test coverage, because it would require unusual customisations to encounter, it's only a minor performance optimisation, and it's more important to progress the blocked issue.
Comment #4
jonathanshawComment #5
andypostYes, this query should by-pass!
Btw found similar method in
\Drupal\node\NodeStorageInterface::countDefaultLanguageRevisions()
which is using more optimized version - direct queryComment #8
catchLet's go ahead here - however we should open follow-ups both to fix that code comment and also to bring the queries into line with each other.
Comment #9
andypostFiled follow-up #3204641: Improve MediaRevisionAccessCheck::countDefaultLanguageRevisions usage
I think entity query just a bit slower then direct one, btw NodeStorage is supposed to work with database directly.
Meantime if query could be improved by disabling alters it could be faster