Fix Entity queries must explicitly set whether the query should be access checked or not in Content Moderation Notifications

Created on 14 March 2023, almost 2 years ago
Updated 27 September 2023, about 1 year ago

Problem/Motivation

Having the following error for queries over entities.

Error message
Entity queries must explicitly set whether the query should be access checked or not. See Drupal\Core\Entity\Query\QueryInterface::accessCheck().

Proposed resolution

Have queries over entities changed in the Content Moderation Notifications module
With basic accessCheck(FALSE) or pass the needed access check for admins or selected user roles and permissions.

Access checking must be explicitly specified on content entity queries β†’
#2785449: It's too easy to write entity queries with access checks that must not have them β†’

BEFORE

// This gets all articles the current user can view.
$ids = \Drupal::entityQuery('node')
  ->condition('type', 'article')
  ->execute();

// This also gets all articles the current user can view.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(TRUE)
  ->condition('type', 'article')
  ->execute();

// This gets all articles that exist regardless of access.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(FALSE)
  ->condition('type', 'article')
  ->execute();

AFTER

// This will trigger a deprecation error.
$ids = \Drupal::entityQuery('node')
  ->condition('type', 'article')
  ->execute();

// Unchanged: This gets all articles the current user can view.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(TRUE)
  ->condition('type', 'article')
  ->execute();

// Unchanged: This gets all articles that exist regardless of access.
$ids = \Drupal::entityQuery('node')
  ->accessCheck(FALSE)
  ->condition('type', 'article')
  ->execute();

Remaining tasks

  • File an issue
  • Patch/MR
  • Test
  • Review

User interface changes

  • N/A

API changes

  • N/A

Data model changes

  • N/A
πŸ“Œ Task
Status

Fixed

Version

3.0

Component

Code

Created by

πŸ‡―πŸ‡΄Jordan Rajab Natshah Jordan

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024