ViewRendered should check if the View render method has resulted in View access denied

Created on 18 December 2021, over 3 years ago
Updated 16 July 2025, 16 days ago

Problem/Motivation

Views Contextual Filters have the ability to display "Access Denied" based on the configuration settings and validation of the filter. Currently, entity_print ignores this and will simply generate an empty PDF, rather than providing a 403 response which would be more valid.

Steps to reproduce

  1. Create a View with a Contextual Filter and set the following configuration setting WHEN THE FILTER VALUE IS NOT IN THE URL to Display "Access Denied".
  2. Visit the URL to create a PDF for this View without providing the Contextual Filter.
  3. An empty PDF is created.

Proposed resolution

Refactor \Drupal\entity_print_views\Renderer\ViewRenderer::renderSingle to check for denied in the View execulatble's build_info array after the call to render() and throw a AccessDeniedHttpException if it is set. This is similar to what is done in \Drupal\views\Plugin\views\display\PathPluginBase::execute.

I will post a patch shortly that does this.

🐛 Bug report
Status

Needs review

Version

2.0

Component

Code

Created by

🇨🇦Canada tame4tex

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024