Join Log in
Score:2
CWolf18 avatar Drupal

Why doesn't the entity access handler I wrote work when the entity is referenced?

ga flag
CWolf18

I have set a handler for the access of my entity but when I reference it in another entity, the access is not checked. I want the reference and the entity to have the same access check. Any idea ? The entity is a taxonomy term and I reference it in a basic node

The handler below, I return forbidden to test

/**
 * Defines the access control handler for the taxonomy term entity type.
 *
 * @see \Drupal\taxonomy\Entity\Term
 */
class MyAccessControlHandler extends TermAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    return AccessResult::forbidden();
  }

}

Edit : Until I found a better solution, I use view and form alter hook to check the referenced entity access by getting the said entity and using it's access() method

152
0 + 11
8
id flag
cilefen
Welcome to Drupal Answers! If there is some custom code you must add that to the question or the question will be downvoted. I wish to make to aware that Drupal 8 is end-of-life and is no longer developed or supported on drupal.org.
0
Reply
CWolf18 avatar
ga flag
CWolf18
I have updated with the handler code
0
Reply
in flag
Joseph
Drupal caches access results, causing access check code to not be hit. Clear caches or disable caching while debugging to eliminate this possibility.
0
Reply
CWolf18 avatar
ga flag
CWolf18
Already done with drush cr
0
Reply
No Sssweat avatar
ua flag
No Sssweat
Is your `MyAccessControlHandler` class even getting called/instantiated? Do this [via a hook instead](https://drupal.stackexchange.com/a/313783/27710).
0
Reply
Jaypan avatar
de flag
Jaypan
Access checks are not performed when adding an entity as a reference. I think you would instead need to put a constraint on the entity doing the referencing.
0
Reply
Jaypan avatar
de flag
Jaypan
Wait, are you thinking the entity shouldn't be able to be added, or that when it is added, it should not be rendered?
0
Reply
leymannx avatar
ne flag
leymannx
Does this answer your question? [Views Search Ignoring Custom Node Access permissions](https://drupal.stackexchange.com/questions/52756/views-search-ignoring-custom-node-access-permissions)
0
Reply
leymannx avatar
ne flag
leymannx
Usually user 1 bypasses access rules. And views and other entity queries ignore them as well. Then you maybe need access grants.
0
Reply
CWolf18 avatar
ga flag
CWolf18
@Jaypan . Yes I think that the referenced entity should not be viewed by someone who don't have that right on the entity
0
Reply
Jaypan avatar
de flag
Jaypan
Access handlers are only on CRUD actions directly on the entity. If you are adding the entity as a reference, you need to put permissions on that field. The field permission module will probably help.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.