Views - Anonymous User - Contrib.social

query MyQuery { entityById(entityType: VIEW, id: "name_of_view_with_no_access_restriction") { ... on View { id executable { ... on ViewExecutableContentDefault { __typename execute(title: "test") { rows { label toArray } } } } } } }

Comments & Activities

Issue created by @whiz11
Comment over 1 year ago →
🇲🇺Mauritius whiz11
Comment over 1 year ago →
🇲🇺Mauritius whiz11
Comment over 1 year ago →
🇲🇺Mauritius whiz11
Comment over 1 year ago →
🇲🇺Mauritius whiz11

Comment over 1 year ago →

🇲🇺Mauritius whiz11

I was able to get around this by implementing a hook_ENTITY_TYPE_access and checking the views access level for the user.

function mymodule_view_access(View $view, $operation, $account) {
  $route_name = \Drupal::routeMatch()->getRouteName();

  if ($operation === 'view' && $route_name === 'graphql.query.core_schema') {
    return AccessResult::allowedIf($view->getExecutable()->access('page_1', $account));
  }

  return AccessResult::neutral();
}

Status changed to Fixed over 1 year ago12:55pm 15 May 2023
Comment over 1 year ago →
🇨🇭Switzerland ayalon
By default we had to implement very strict access checking to not leak any data.

Therefor you have to implement your own access checks for entities or routes that you want to make visible in GraphQL.

The approach you did is therefore correct.
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Views - Anonymous User

Problem/Motivation

Steps to reproduce

Comments & Activities