Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The current logic will grant access to another user's unpublished entity, if the user has a "view any $entity_type" permission.
This is incorrect, "view any" is still limited to published entities. It also doesn't match what EntityAccessControlHandler is doing.
Fix incoming.
Comments
Comment #3
bojanz CreditAttribution: bojanz at Centarro commentedFixed.