Contrib.social

Cache metadata by plugins is discarded

Open on Drupal.org →
Created on 29 July 2022, almost 3 years ago
Updated 25 January 2023, over 2 years ago

Problem/Motivation

The Field Permissions module relies on hook_entity_field_access() to forbid access to fields. The access result is determined by the \Drupal\field_permissions\FieldPermissionsService::getFieldAccess() method. However, this access result only allows for TRUE/FALSE return values. As a result, custom plugins that conditionally forbid access cannot pass the necessary cache context to the access result. The cached result is then applied for subsequent users, resulting in an incorrect behaviour.

Proposed resolution

Pass any cache metadata from the plugin getFieldAccess to the field_permissions_entity_field_access AccessResult.

Remaining tasks

  1. Write a patch
  2. Review
  3. Commit

User interface changes

None.

API changes

FieldPermissionType plugins must return an AccessResult

Data model changes

FieldPermissionType plugins hasFieldAccess method must return an AccessResult

🐛 Bug report
Status

RTBC

Version

1.0

Component

Code

Created by

🇳🇱Netherlands idebr

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 2 years ago
    🇺🇸United States jhedstrom Portland, OR

    This looks great. Marking RTBC. Thanks!

  • Status changed to Needs work about 2 years ago
  • Comment about 2 years ago
    🇺🇸United States jhedstrom Portland, OR

    Patch in #2 no longer applies unfortunately.

  • Status changed to Needs review about 2 years ago
  • Comment about 2 years ago
    🇮🇳India mrinalini9 New Delhi

    Rerolled patch #2, please review it.

    Thanks!

  • Comment about 2 years ago
    System Message

    The last submitted patch, 5: 3300631-5.patch, failed testing. View results

  • Status changed to Needs work about 2 years ago
  • Comment about 2 years ago
    🇺🇸United States jhedstrom Portland, OR

    Thee reroll in #5 missed some of the changes and broke the tests unfortunately.

  • Status changed to Needs review about 2 years ago
  • Comment about 2 years ago
    🇺🇸United States jhedstrom Portland, OR
  • First commit to issue fork.
  • Merge request !26Issue #3300631: Cache metadata by plugins is discarded → (Open) created by sokru
  • Pipeline finished with Success
    about 1 year ago
    Total: 171s
    #123406
  • Pipeline finished with Failed
    8 months ago
    Total: 208s
    #297107
  • Comment 8 months ago
    🇳🇱Netherlands idebr

    Updated the MR with the latest changes in 8.x-1.x

  • Pipeline finished with Success
    about 2 months ago
    Total: 15535747s
    #297125
  • Status changed to Needs work about 1 month ago
  • Comment about 1 month ago
    🇷🇴Romania claudiu.cristea Arad 🇷🇴

    This looks like an API change which could break backwards compatibility for 3rd-parties. I would suggest to create new methods which are returning AccessResultInterface and deprecate the methods returning boolean

  • Comment about 1 month ago
    🇦🇺Australia nigelcunningham Geelong

    I do agree that it breaks backwards compatibility, but it's also true that the current interface is broken - caching information is discarded, which could perhaps be counted as a security issue. No point treating it as one though (I think) since this issue has been public for so long.

    If that logic makes sense, I'd argue that the logic should just be fixed an dependant modules should be forced to update to match as quickly as possible.

  • Pipeline finished with Success
    14 days ago
    Total: 187s
    #486656
  • Pipeline finished with Success
    14 days ago
    Total: 184s
    #486659
  • Pipeline finished with Success
    14 days ago
    Total: 253s
    #486663
  • Comment 14 days ago
    🇳🇱Netherlands idebr

    #12 Return a boolean is now still valid, but triggers a deprecation

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024