Entity reference label formatter may render link to inaccessible entity

Created on 29 October 2021, about 3 years ago
Updated 23 September 2023, about 1 year ago

Problem/Motivation

Since #2692091 (Use the new 'view label' entity access check in the entity reference label formatter), the entity access check in the entity reference label formatter uses the "view label" operation.

AFAICT the change did not take into account the use case where the entity's label may be viewed but the entity itself may not, in conjunction with the show as link option.

If you configure the entity reference label formatter to output the referenced entities as links, it will also generate links to entities to which the user doesn't have access. Clicking on this link will render an access denied page.

I would expect no links to be displayed for these entities and instead only the label.

Proposed resolution

Before creating a link to the entity, check if the user can actually view the entity.
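
One way to implement the check described above, as an added example that is not Drupal core's fix or the reporter's code: a formatter subclass in a hypothetical `example_access` module (module name, plugin id and class name are assumptions) that always renders the label but builds the link only when the `view` check passes. It assumes the referenced entity type has a canonical link template.

```php
<?php

namespace Drupal\example_access\Plugin\Field\FieldFormatter;

use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Field\Plugin\Field\FieldFormatter\EntityReferenceLabelFormatter;

/**
 * Links the label only when the user may view the entity (hypothetical plugin).
 *
 * @FieldFormatter(
 *   id = "example_access_label",
 *   label = @Translation("Label (link only if viewable)"),
 *   field_types = {"entity_reference"}
 * )
 */
class AccessAwareLabelFormatter extends EntityReferenceLabelFormatter {

  public function viewElements(FieldItemListInterface $items, $langcode) {
    $elements = [];
    // getEntitiesToView() returns only entities that passed the formatter's
    // own access check, which is the "view label" operation.
    foreach ($this->getEntitiesToView($items, $langcode) as $delta => $entity) {
      $cache = CacheableMetadata::createFromObject($entity);
      $element = ['#plain_text' => $entity->label()];
      if ($this->getSetting('link') && !$entity->isNew()) {
        // Separate, stricter check: may the user open the entity itself?
        $view = $entity->access('view', NULL, TRUE);
        // Bubble the access result's cache contexts and tags so output
        // cached for one user is not served to a user with other access.
        $cache->addCacheableDependency($view);
        if ($view->isAllowed()) {
          $element = [
            '#type' => 'link',
            '#title' => $entity->label(),
            '#url' => $entity->toUrl(),
          ];
        }
      }
      $cache->applyTo($element);
      $elements[$delta] = $element;
    }
    return $elements;
  }

}
```

Adding the `view` access result as a cacheable dependency matters as much as the check itself: without it, a render cached while a privileged user was viewing could expose the link to everyone else.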

🐛 Bug report
Status

Closed: duplicate

Version

11.0 🔥

Component
Entity

Last updated 1 day ago

Created by

🇧🇪 Belgium rp7

  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.
