Contrib.social

Caching of domains in DomainAccessControlHandler

Open on Drupal.org β†’
Created on 6 May 2022, over 3 years ago
Updated 5 May 2023, over 2 years ago

Drupal Version

9.3.9

Domain module version

8.x-1.0-beta6

Expected Behavior

When performing a view operation for a domain entity - the result should depend on user permissions with proper caching.

Actual Behavior

When performing a view operation for a domain entity - returning result is a result from the first view operation.

Steps to reproduce

I've reproduced it using JSON:API module and executing GET requests to jsonapi/domain/domain end-point:

1. Make sure that anonymous users have no "view domain list" permission and authenticated users do.
2. Make sure you have cleared the cache.
3. Go to /jsonapi/domain/domain end-point as an anonymous user. You will get the correct result (no info about domains).
4. Got to /jsonapi/domain/domain end-point as an authenticated user. You still get no info about domains because the result is cached from the first operation.

You can perform 3 and 4 points in reverse order and in this case - an anonymous user will get all info about domain entities without having an appropriate permission set.

Proposed solution

Cache DomainAccessControlHandler and DomainAccessCheck results per permissions.

πŸ› Bug report
Status

Needs work

Component

Code

Created by

πŸ‡ΊπŸ‡¦Ukraine quadrexdev Lutsk

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024