- ๐ญ๐ฐHong Kong eric_lee
one of my colleague also faced this issue
there was no any issue in modules or core file
Actually he was copying whole DB and source code to different machine and trying to run drupal
later we find the users table does not contain 0 uid
and it was actually at 14 uid, then we updated 14 -> 0 uid and it seems all work fine - ๐ฎ๐ณIndia anuragsharmam
Just to confirm, I have a user with uid 0 and I'm still facing the error.
After applying the patch from #5, it works fine. I suggest considering the issue and reviewing the suggested patch again. - Status changed to Needs review
about 2 years ago 1:28pm 5 July 2023 - Status changed to Closed: works as designed
about 1 year ago 2:36pm 1 July 2024 - ๐บ๐ธUnited States agentrickard Georgia (US)
Other code breaking the API is not our responsibility. That issue should be filed upstream with the caller.
- ๐ฌ๐งUnited Kingdom swatichouksey4u
I have a user with uid 0 and I'm still facing the error.
The suggested changes in patch #5 work for me. however, I am using the 2.0.0-beta2 version and couldn't apply the patch. So based on #5 I have created patch 6 which works well. - ๐ง๐ชBelgium andreasderijcke Antwerpen / Gent
AccountInterface instance can have no ID in valid use cases, even though the AccountInterface does not say so (but should).
A good example is the Search API RenderedItem processor: a User(Session) is created on the fly to render and index entities for that user's role. This user is never saved, thus has no ID.
See https://git.drupalcode.org/project/search_api/-/blob/8.x-1.x/src/Plugin/...Should the AccountInterface get updated to reflect the fact that the ID can be NULL, it still needs to be handled here.
- ๐บ๐ธUnited States agentrickard Georgia (US)
I do not think that is valid. It is an abuse of the API. If anything, it should be caught upstream before hook_node_grants is called.
Also, the link to the code does not seem relevant to this issue. That code seems to have moved https://git.drupalcode.org/project/search_api/-/blob/8.x-1.x/src/Plugin/...
- Status changed to Needs work
5 months ago 6:06pm 2 April 2025 - Merge request !181Issue #3327138: Domain access: TypeError in hook_node_grants can completely crash site. โ (Open) created by dhruv.mittal
- ๐ช๐ธSpain joristhedrupalist
joris drupal โ made their first commit to this issueโs fork.
- Merge request !182Issue #3327138 by mably, intrafusion, netsliver, joris drupal: Domain access: TypeError in hook_node_grants can completely crash site โ (Merged) created by joristhedrupalist
- ๐ซ๐ทFrance mably
Removing from next release for now.
I'm a bit annoyed by that
return TRUE;in thecheckEntityAccessmethod that seems to bypass security here.An explanation anyone?
- ๐ช๐ธSpain joristhedrupalist
@mably re comment #27, yes I saw that,
I assumed it was letting anonymous users view content on all domains as it was not explicitly forbidden by the users setting.
I was also wondering why that checkEntityAccess was not returning an AccessResult instead of a true
Looking at the module's domain_access_node_access it will return a neutral for anonymous users and checkEntityAccess will never get invoked...
- ๐ซ๐ทFrance mably
@joris-drupal so can we set it back to FALSE by default?
- ๐ช๐ธSpain joristhedrupalist
@mably
Yes, if there is no user it should be FALSE.
Even if the anonymous role has any off the
- 'view unpublished domain content'
- 'update ' . $type . ' content on assigned domains'
- 'edit domain content'
- 'delete ' . $type . ' content on assigned domains'
- 'delete domain content'
permissions it should return FALSE as the anonymous user just does not have a DomainAccessManagerInterface::DOMAIN_ACCESS_FIELD or a DomainAccessManagerInterface::DOMAIN_ACCESS_ALL_FIELD setting
Those permission should not be given to the anonymous user anyway...
-
mably โ
committed e95d061e on 2.0.x authored by
joris drupal โ
Issue #3327138 by mably, intrafusion, netsliver, joris drupal: Domain...
-
mably โ
committed e95d061e on 2.0.x authored by
joris drupal โ