Entityreference fields are frequently used to classify other entities. Now that it's simple to create custom entity types (with modules such as ECK, or Entity API), it's often desirable to use a custom entity type for this sort of thing, rather than Taxonomy terms.
For example, suppose I am building a schedule for a DrupalCamp website. I want to classify sessions into rooms and tracks. I may want to create a custom entity type for either rooms or tracks, rather than use taxonomy.
However, this causes a problem:
* editor users should be able to view a room or track entity, so they can work with it
* normal users have no need to view a room or track entity
* normal users DO need to see on a session node the room and track reference it belongs to: ie, the value of the reference field as an entity label.
So we have a problem in that Drupal's entity system doesn't distinguish between 'view the whole entity' and 'view the entity's label in an embedded context'.
Taxonomy has always got round this by simply using the same view access as nodes: if you can see a node, you can see a term.
However, for custom entities, this isn't possible.
Given that it's not feasible at this stage to completely rework the way entity access works with some sort of extra 'view label' permission, I think the best thing is to add an option to the 'label' formatter to bypass the entity access control.
This would give let site builders determine when it's appropriate to show labels. For example, in the camp schedule example, the site builder would know that it's part of the design to allow users to see the names of rooms, even without letting them access the full room entities.
Comments
Comment #1
joachim CreditAttribution: joachim commentedHere's a patch.
Comment #2
joachim CreditAttribution: joachim commentedOops.
Comment #3
joelstein CreditAttribution: joelstein commentedI really like this solution. The patch worked for me, though I fixed one misspelling.
Comment #4
leahtard CreditAttribution: leahtard commentedYes, agreed, great patch. Does as advertised. My use case is that I need the entity link to display if the user has access and then display as plain text if they do not. If I get this figured out, I'll post an update.
Cheers, Leah
Comment #5
lias CreditAttribution: lias commentedThank you for patch. Works very well and a relief not to have to grant permissions unnecessarily.
Tested using Drupal 7.29, Entity Reference 7x-1.1 and Views 7x-3.8
Comment #6
lias CreditAttribution: lias commentedIs this patch going to be committed to 7x?
Comment #7
MrPeanut CreditAttribution: MrPeanut commentedAlmost two years later and this patch still works great! Thanks, joachim and joelstein. Would love to see this committed.
Comment #8
geek-merlinA big +1 for a commit too.
Comment #9
hansfn CreditAttribution: hansfn as a volunteer commentedA huge +1 for a commit from me. (Added "Plan for EntityReference 7.x-1.2 release" as parent issue.)
Comment #10
junaidpvPatch from #3 does not apply to latest dev.
Rerolled.
Comment #12
spotzero CreditAttribution: spotzero at Coldfront Labs Inc. commentedCommitted.
Comment #14
spotzero CreditAttribution: spotzero at Coldfront Labs Inc. commentedWait, this isn't the issue I committed. Oops! Reverting.
Comment #16
spotzero CreditAttribution: spotzero at Coldfront Labs Inc. commentedActually committed.