Unexpected access operation throws exception when node grant system is active

If a module implementing node grants is enabled, and a non-standard operation is passed to check access to a node, then a database exception is thrown.

Problem/Motivation

The node grant system is not activated unless there is an installed module which implements hook_node_grants. Drupal does not come with any non-test modules implementing this hook.

Once the grant system is enabled, \Drupal\node\NodeGrantDatabaseStorage->access() constructs a database conditions' column by concatenating 'grant' . $operation. However only 'grant_view', 'grant_update', 'grant_delete' columns exist. The code does not do any pre-checks for column existence.

This code was uncovered due to a non-standard operation implemented by RNG → , combined with a hook_node_grants implementer in content_access → .

Steps to reproduce:

1. Enable content_access → module, or any module implementing node grants.
2. Rebuild node access.
3. Create a test script, executing
   

     $node->access('a_random_operation');
   

4. As a limited user, run the test script.

Proposed resolution

The patch ensures the operation passed is one of the three grant columns in node_access database table.

Remaining tasks

N/A

User interface changes

None

API changes

None

Data model changes

None

References

- RNG → issue: Possible problem with RNG and CONTENT ACCESS #71
- Content Access → issue: #2653252: "The website encountered an unexpected error" upon setting Access Control for individual node →