Contrib.social

Anonymous user see all

Open on Drupal.org →
Created on 14 April 2020, over 4 years ago
Updated 11 July 2023, about 1 year ago

I Have a View of "Products - Books"

Product contains Authors and Illustrators fields (reference entity - separate node Autor)

I wanted to list related books on the author or illustrator node (contextual filter author_filed OR Illustrator field).
It works independently (only Author_field or only Illustrator_field). If I enable the OR module to have it in one view, the Administrator sees it correctly, but the anonymous user sees all the products (as if there was no contextual filter).

🐛 Bug report
Status

Active

Version

1.0

Component

Code

Created by

🇨🇿Czech Republic mandus.cz

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 year ago
    🇳🇿New Zealand John Pitcairn

    I'm seeing this problem with a view of Profile entities, using the "OR" condition on two contextual profile_id arguments. Any user who does not have "administer profiles" permission sees all profiles on the system.

    Stepping through it with a debugger, the condition group this module adds looks correct when it is added. But I think something later in the rewrite/access chain is messing it up for users without administer permission for the base table entity. That's why "Disable SQL rewriting" fixes this, but it's a potentially dangerous fix.

  • Comment about 1 year ago
    🇳🇿New Zealand John Pitcairn
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024