Problem/Motivation

Since #3001496: Add an alter hook to EntityQuery it's been possible to alter an EntityQuery, however, there is no getter for the $accessCheck property so it's impossible use the hooks for access checking without using reflection
.

Steps to reproduce

1. Implement one of the entity query alter hooks.
2. Try to determine if the query has accessCheck set to TRUE without using reflection.

Proposed resolution

Add a getter for accessCheck so that the property can be accessed without reflection.

The simplest way to do this would be to add asymmetric visibility, but since we support PHP 8.3 we'll need to define a new method.

Remaining tasks

  1. Write Patch

User interface changes

N/A

Introduced terminology

Since accessCheck is already taken, perhaps hasAccessCheck could work?

API changes

Adding a new method to Drupal\Core\Entity\Query\QueryInterface.

Data model changes

N/A

Release notes snippet

TBD

Issue fork drupal-3511909

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

davidwbarratt created an issue. See original summary.

davidwbarratt opened merge request !11431

davidwbarratt’s picture

davidwbarratt commented
Status: Active » Needs review
davidwbarratt’s picture

davidwbarratt commented
Issue summary: View changes
smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work

Thanks for the suggestion

Will probably need a simple test case around this and probably convert 1-2 spots in core that could use this to show it's needed.

davidwbarratt’s picture

davidwbarratt commented

I'm kind of shocked that hook_query_TAG_alter, at least for the purposes of access, is only used by node in core with NodeHooks1::queryNodeAccessAlter which is kind of a beast.

Ironically, the example for hook_query_TAG_alter is a hypothetical for the media module that would be greatly simplified by this change, which wouldn't use that hook in the first place.

I'm not sure where a test should therefore belong? This change is effectively only useful for contrib modules to utilize until someone wants to take on the work of refactoring node access, in which this change I imagine would be helpful.

Any guidance you can provide would be helpful!

davidwbarratt’s picture

davidwbarratt commented

It seems outside of the scope of this issue, but we could add a hook_entity_query_ENTITY_TYPE_alter for an entity type like user? For instance, if a user doesn't have the access user profiles permission and the query hasAccessCheck than the query should immediately return zero results right?

davidwbarratt’s picture

davidwbarratt commented

We could persue a more comprehensive solution, which I've documented in #777578-245: Add an entity query access API and deprecate hook_query_ENTITY_TYPE_access_alter()

davidwbarratt’s picture

davidwbarratt commented
Status: Needs work » Closed (duplicate)

I'm closing this because a more comprehensive solution is needed. I've documented the problem more clearly at #3514221: QueryInterface::accessCheck does not perform access checking in core

davidwbarratt’s picture

davidwbarratt commented
Related issues: +#3514221: QueryInterface::accessCheck does not perform access checking in core