Contrib.social

The "bundle" views filter shows options the user doesn't have access to

Open on Drupal.org β†’
Created on 5 December 2019, over 5 years ago
Updated 4 February 2023, about 2 years ago

Discovered in Commerce: #3003105: The views bundle (type) filter shows items that the user doesn't have access to β†’ .

The offered bundles are not filtered for access:

  public function getValueOptions() {
    if (!isset($this->valueOptions)) {
      $types = $this->bundleInfoService->getBundleInfo($this->entityTypeId);
      $this->valueTitle = $this->t('@entity types', ['@entity' => $this->entityType->getLabel()]);

      $options = [];
      foreach ($types as $type => $info) {
        $options[$type] = $info['label'];
      }

      array_multisort($options, SORT_ASC, SORT_REGULAR, array_keys($options));
      $this->valueOptions = $options;
    }

    return $this->valueOptions;
  }

This means that the user sees options that always result in no results (assuming query access filtering is performed).

I am proposing that we filter by view access.

πŸ› Bug report
Status

Needs work

Version

10.1 ✨

Component
ViewsΒ  β†’

Last updated about 3 hours ago

Created by

πŸ‡·πŸ‡ΈSerbia bojanz

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 2 years ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request β†’ as a guide.

    Did not test issue

    MR will need to be updated for 10.1
    Test case will have to be added to show issue.

  • First commit to issue fork.
  • Comment 3 months ago β†’
    πŸ‡«πŸ‡·France goz

    goz β†’ changed the visibility of the branch 11.x to hidden.

  • Merge request !10467Issue #3099068 by richgerdes: The "bundle" views filter shows options the user... β†’ (Open) created by goz
  • Pipeline finished with Failed
    3 months ago
    Total: 166s
    #360211
  • Comment 3 months ago β†’
    πŸ‡«πŸ‡·France goz

    Merge request 10467 is based on 11x and add more logic.

    If we do not display bundles a user cannot access on filters, results should also reflect that.

    To avoid regressions, access check is an option. If checked, unavailable options based on user access will be :

    • IN operator: Removed from options to query
    • NOT IN operator: Added to options before querying

    Note: the query filter only works :

    • If field is exposed and some filters are selected
    • NOR if field is not exposed

    In case field is exposed, if we want to filter results without submitting filters, we have to add a not exposed filter with all bundles selected so query can be altered.

  • Pipeline finished with Failed
    3 months ago
    Total: 123s
    #360402
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024