If a module implementing node grants is enabled, and a non-standard operation is passed to check access to a node, then a database exception is thrown.
The node grant system is not activated unless there is an installed module which implements hook_node_grants
. Drupal does not come with any non-test modules implementing this hook.
Once the grant system is enabled, \Drupal\node\NodeGrantDatabaseStorage->access()
constructs a database conditions' column by concatenating 'grant' . $operation
. However only 'grant_view', 'grant_update', 'grant_delete' columns exist. The code does not do any pre-checks for column existence.
This code was uncovered due to a non-standard operation implemented by
RNG →
, combined with a hook_node_grants
implementer in
content_access →
.
Steps to reproduce:
$node->access('a_random_operation');
The patch ensures the operation passed is one of the three grant columns in node_access
database table.
N/A
None
None
None
-
RNG →
issue: Possible problem with RNG and CONTENT ACCESS #71
-
Content Access →
issue:
#2653252: "The website encountered an unexpected error" upon setting Access Control for individual node →
Fixed
8.0 ⚰️
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.