checkCreateAccess should give permission if user have "create terms in $entity_bundle"

Created on 21 April 2020, over 4 years ago
Updated 19 August 2024, 4 months ago

For now, the function which is checking access to create a term is like this (in TaxonomyPermissionsControlHandler.php):

  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'administer taxonomy');
  }

This is not inline with another function in the same class:

  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    switch ($operation) {
      ...
      case 'create':
        return AccessResult::allowedIfHasPermissions(
            $account,
            [
              "create terms in {$entity->bundle()}",
              'administer taxonomy',
            ],
            'OR');
      ...
  }

And this is not inline with the fact that if we provide the "create terms in $entity_bundle" to a role, we expect it will alllow to create a term.

I would recommend to change the function like the following:

  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermissions($account, ["create terms in $entity_bundle", 'administer taxonomy'], 'OR');
  }

Note: this is the way the original TermAccessControlHandler (from core) was handling it.

🐛 Bug report
Status

Fixed

Version

1.0

Component

Code

Created by

🇧🇪Belgium DuneBL

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • leymannx Berlin

    I think there was some confusion on the logic during the port.

    Since this module only adds a view permission per bundle we should leave the create logic untouched.

    I fixed this in the first stable D8 release by simply extending core's TermAccessControlHandler instead of extending the EntityAccessControlHandler and adding sudden new logic to it.

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024