- 🇳🇿New Zealand John Pitcairn
I'm seeing this problem with a view of Profile entities, using the "OR" condition on two contextual
profile_id
arguments. Any user who does not have "administer profiles" permission sees all profiles on the system.Stepping through it with a debugger, the condition group this module adds looks correct when it is added. But I think something later in the rewrite/access chain is messing it up for users without administer permission for the base table entity. That's why "Disable SQL rewriting" fixes this, but it's a potentially dangerous fix.