- last update
almost 2 years ago Custom Commands Failed - last update
almost 2 years ago 29,465 pass - 🇺🇸United States greggles Denver, Colorado, USA
republishing after discussion that this can be handled in public.
- Merge request !9050Prevent inaccessible links from being displayed in LinkFormatter → (Open) created by herved
- 🇧🇪Belgium herved
MR created (PS: Nightwatch tests seem unstable, I had to re-run).
Please check #4 and #13, I feel like this issue extends beyond link formatters so leaving to needs work...
Here is a static patch from MR for composer. - Status changed to Needs review
11 months ago 10:15am 16 September 2024 - 🇧🇪Belgium herved
Rebased and moving to review, to get feedback on the approach, thanks.
- Status changed to Needs work
11 months ago 2:25pm 17 September 2024 - 🇧🇪Belgium herved
Thanks, though I wasn't looking for a code review yet (tests and upgrade path still todo) but rather opinions on the overall approach / scope as it may extend way beyond link formatters.
See #13. - 🇬🇧United Kingdom joachim
I am marking the following as duplicates:
- ✨ Only display internal links to content the user has access to view Closed: duplicate -- older, but has no code
- ✨ Link field > Access to internal links is not checked on display. Active -- more recent, has a MR
- #2968609: Link fields do not check access for entity refs → -- older, has a MR, but the MR has not been updated in longerCode from those issues with MRs should be compared with what is here, in case there are ideas that should be integrated into the MR here.
Participants in all those issues should have credit added here.
- 🇬🇧United Kingdom joachim
✨ Link field > Access to internal links is not checked on display. Active 's MR is pretty basic.
#2968609: Link fields do not check access for entity refs → 's MR has a lot of stuff that isn't here.
1. More work on the URL, e.g.:
if ($url->isRouted() && preg_match('/^entity\.(\w+)\.canonical$/', $url->getRouteName(), $matches)) { // Check access to the canonical entity route. $link_entity_type = $matches[1]; if (!empty($url->getRouteParameters()[$link_entity_type]))Should we be doing that here?
2. More stuff on caching that I've not looked at in depth
3. A function test (though it could really be a kernel test)
- 🇬🇧United Kingdom joachim
Also, outputting broken internal links really looks like a bug to me -- one of the duplicate issues filed it as such too.
- 🇬🇧United Kingdom joachim
I've tested the current MR with field data in all forms:
- a path alias to a node: /mynode
- a system path to a node: /node/1
- using the lookup to store the entityIn all cases, the item is skipped when the user doesn't have access, so that's working well!
I don't know about the caching side of things though -- see my comment above.