The paragraphs_search view from the paragraphs_demo module does not have any access condition.
This is not really a problem because the query uses access checks and it will not return nodes the user can't view.
But it is a bad practice to have a view without any access condition (it is reported by the security_review module for example).
For example it could be a problem on a website where anonymous users don't have the "access content" permission, it could be surprising to site builders if they can access this view.
I know it is just a demo module but we should try to set a good example.
The view should probably require the "access content" permission.
Comments