Contrib.social

Entity reference label formatter may render link to inaccessible entity

Open on Drupal.org β†’
Created on 29 October 2021, over 2 years ago
Updated 23 September 2023, 9 months ago

Problem/Motivation

Since #2692091: Use the new 'view label' entity access check in the entity reference label formatter β†’ the entity access check in the entity reference label formatter uses the "view label" operation.

AFAICT the change did not take the use case into account where the entity's label may be viewed, but the entity itself not, in conjunction with the show as link option.

If you configure the entity reference label formatter to output the referenced entities as links, it will also generate links to entities for which the user doesn't have access to. Clicking on this link will render an access denied page.

I would expect no links to be displayed for these entities and instead only the label.

Proposed resolution

Before creating a link to the entity, check if the user can actually view the entity.

πŸ› Bug report
Status

Closed: duplicate

Version

11.0 πŸ”₯

Component
EntityΒ  β†’

Last updated about 1 hour ago

Created by

πŸ‡§πŸ‡ͺBelgium rp7

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request β†’ as a guide.

    Since this is a bug it will need a test case to show the issue.

    Thanks!

  • Status changed to Closed: duplicate 9 months ago
  • Comment 9 months ago β†’
    kay64

    I am closing this issue, since there is a similar one, but with a covered test and RBTC status.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024