Messages are created without any mean of user access especially when queued

Created on 12 December 2020, over 3 years ago
Updated 30 January 2024, 5 months ago

Problem/Motivation

Let say you have a message which contain a token like [node_summary].
This token will create a view builder to display the node's fields with their value (using a display mode named "token" )

$node_summary = $view_builder->view($node, 'token', $lang_code);
$replacements[$original] = Drupal::service('renderer')->renderPlain($node_summary);

This is a hand-made token which will display the fields and their value as defined in /admin/structure/types/manage/xxxx/display/token

Problem 1:
--------------
If the message is queued, by default the queue is running as an anonymous user and the token will not be properly replaced because most of the time, there are field which require to be authenticated to be viewed

Problem 2:
--------------
Let say that the field field_with_secret can only be viewed by the role role_with_secret (And this field is in the display mode "token")
If the message is sent to users without this secret role, then there is no mechanism to remove this secret fields from the message

Proposal

It could be useful to use the AccountSwitcher class to send all messages with the access permissions of the recipient (which is the message owner as per this module spec)

We could switch and switch back the recipient account at several places... one idea is inside a Notifier like the following:

  public function send(MessageInterface $message, array $notify_options = [], $notifier_name = 'email') {
    // Switch the account to the recipient to make sure
    // We will not disclose any information
    $this->accountSwitcher->switchTo($message->getOwner());
    $result = parent::send($message, $notify_options, $notifier_name);
    $this->accountSwitcher->switchBack();
}

I tested this upper code inside an extended version of a Notifier: class MyMessageNotifier extends MessageNotifier and it is working very well.

Making sure that the information inside the message is allowed to be disclosed to each recipient is a real improvement.

πŸ› Bug report
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium DuneBL

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024