- ππΊHungary mxr576 Hungary
#3052553: Entity query alter with cacheable metadata leaks and triggers LogicException β is kinda related just early rendering in the db query layer happens elsewhere.
The problem with the fix that was added in #2984964: JSON API + hook_node_grants() implementations: accessing /jsonapi/node/article as non-admin user results in a cacheability metadata leak β that it only covers node-[node type] collection routes and _nothing more_. That was a fix rather a band aid until β¨ Enable an entity query's return value to carry cacheability Active .
I have also bumped into this issue on user/user endpoint when I implemented a custom access checker that only granted access to a user's username if that user is author of a node that the current acting user has view access. (Related to π± [policy] Treat username enumerations as security bugs that require Security Advisories Active ) My code fired an entity query like below. There was no issue with this query until I enabled a module that provides a hook_node_grants() implementation, like node_access_test module, because
node_query_node_access_alter()only then starts performing early rendering.$query = $this->nodeStorage->getQuery(); $query->accessCheck(TRUE); $query->addMetaData('account', $acting_user); $query->addMetaData('op', 'view'); $query->condition('uid', $author->id()); return $query->execute(); - Status changed to Postponed: needs info
about 1 month ago 2:43am 21 March 2025 - π¦πΊAustralia acbramley
We need a proper update to the IS and title here. Also it sounds like this might be fixed by β¨ Enable an entity query's return value to carry cacheability Active ? Is this a duplicate?
- πΊπΈUnited States ashrafabed
As the original reporter of this issue, I only faced this issue on one project and I haven't been able to reproduce it since.
As far as I am concerned, I am OK with closing the issue unless someone else is still facing it and can provide more information.
