The Field Permissions module relies on hook_entity_field_access() to forbid access to fields. The access result is determined by the \Drupal\field_permissions\FieldPermissionsService::getFieldAccess() method. However, this access result only allows for TRUE/FALSE return values. As a result, custom plugins that conditionally forbid access cannot pass the necessary cache context to the access result. The cached result is then applied for subsequent users, resulting in an incorrect behaviour.
Pass any cache metadata from the plugin getFieldAccess to the field_permissions_entity_field_access AccessResult.
None.
FieldPermissionType plugins must return an AccessResult
FieldPermissionType plugins hasFieldAccess method must return an AccessResult
Needs review
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This looks great. Marking RTBC. Thanks!
The last submitted patch, 5: 3300631-5.patch, failed testing. View results →