Problem/Motivation

Relying on entity queries to check access by default is deprecated in drupal:9.2.0 and an error will be thrown from drupal:10.0.0. Call \Drupal\Core\Entity\Query\QueryInterface::accessCheck() with TRUE or FALSE to specify whether access should be checked. See https://www.drupal.org/node/3201242

Proposed resolution

Add explicit ->accessCheck() calls on entity queries.

Issue fork workflow-3250738

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

piggito created an issue. See original summary.

piggito’s picture

piggito commented
Issue summary: View changes

piggito opened merge request !4

piggito’s picture

piggito commented
Assigned: piggito » Unassigned
Status: Active » Needs review
gribnif’s picture

gribnif commented

I noticed that in all cases in the current MR the argument TRUE is being passed to accessCheck(). I think each case needs to be evaluated more closely, as it's likely that FALSE is a better value to use. As it is now, there may be cases where data is not updated because of the TRUE.

johnv’s picture

johnv
Primary language Dutch
commented

This is committed here: #3329050: D10: Add accessCheck() to entityQuery. Thanks

johnv’s picture

johnv
Primary language Dutch
commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.