Active
Project:
Entity reference
Version:
7.x-1.1
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
6 Sep 2016 at 10:12 UTC
Updated:
6 Sep 2016 at 10:12 UTC
Jump to comment: Most recent
Relevant:
- #1909436: Access denied: Entity Reference should also allow on node edit permission
- #2149221: Node access performance issue after update
When referencing nodes, the query uses node access to filter, so returning entities will be accessible for the current user. When displaying (in options etc) the results, node access is checked again in getLabel(). The second access check is useless, because all entities have been access checked already. For nodes, this is a certainty. For all other entity types, not so much.
#1909436: Access denied: Entity Reference should also allow on node edit permission extends this access check, which makes sense sometimes.
#2149221: Node access performance issue after update mentions the performance hit, which can be HUGE problem: a dropdown with 50 nodes, will do 50 node access queries, which can be HUGE depending on the current user's grants. Not only are the 50 queries slow, but building the queries is even way slower (because of Drupal's query builder).
The fix is very very easy if you ignore the first issue (include edit access): don't explicitly access check when referencing nodes, because it's been handled already. With edit access, I don't know.....
Comments