Contrib.social

Email address not visible even with "Access other users private fields" permission

Open on Drupal.org β†’
Created on 12 December 2017, about 7 years ago
Updated 17 July 2023, over 1 year ago

Problem/Motivation

Due to issue https://www.drupal.org/project/drupal/issues/2773645 β†’ it is not possible to grant access to the mail field of users, even if the "Access other users private fields" permission has been granted. This makes it impossible to configure permissions to access the mail field.

Proposed resolution

That issue includes a patch that seems poised for inclusion in Drupal "soon", and changes the field permissions from denied to neutral. This would allow other modules like the field_permissions module to override it.

I already applied to the above patch to drupal, and implemented hook_entity_field_access to make use of the field_permissions "access private fields" permission. The following function could be included in field_permissions to make use of it and allow access to also the email address and other users' fields:

function field_permissions_entity_field_access($operation, \Drupal\Core\Field\FieldDefinitionInterface $field_definition, \Drupal\Core\Session\AccountInterface $account, \Drupal\Core\Field\FieldItemListInterface $items = NULL){
    if ($field_definition->getName() == 'mail' && $operation == 'view'){
        return AccessResult::allowedIfHasPermission($account, 'access private fields');
    }
    return AccessResult::neutral();
}
✨ Feature request
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡΅πŸ‡­Philippines DolfAndringa

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jasonawant New Orleans, USA

    I thought I'd add some notes as I dug into this a bit today.

    When programmatically retrieving a user's email address via $user->getEmail() method, it does not respect the Drupal core user 'view user email addresses' permission here or any implementation by this module. Moreover, using entity api to retrieve field values bypasses access checking, including that of this module.

    However, if you were to use field access checking via $user->mail->access('view'); , this module could impact its access grants.

    EntityAccessControlHandler.php::fieldAccess() invokes UserAccessControlHandler::checkFieldAccess() β†’ here and then later EntityAccessControlHandler.php::fieldAccess() here would invoke field_permissions_entity_field_access()

    However, I don't think there is a way to configure field permissions for user account mail property. The proposed solution would be a deviation from field permission's module configuration UI for fields.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States DamienMcKenna NH, USA

    As far as this module is concerned, maybe this should just be documented as a "known issue" or "known limitation"? It could be added to the README.md file, a documentation page of "known limitations", maybe even mentioned in hook_help.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024