Weight field access is not checked

Created on 14 April 2023, almost 2 years ago

Updated 28 April 2023, almost 2 years ago

Problem/Motivation

The AJAX endpoint access handler only checks full entity update access, not field-level field access. This means that if a user has node edit access, but access to the weight field was restricted using e.g. the Field Permissions module → , the field will still be updated.

Steps to reproduce

Restrict access to the weight field using the Field Permissions module → and try to re-order entities.

Proposed resolution

Add a field-level access check.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇧🇪Belgium dieterholvoet Brussels

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @dieterholvoet
@dieterholvoet opened merge request.
Comment almost 2 years ago →
System Message

DieterHolvoet → committed 6378e65c on 8.x-1.x
Issue #3354261 by DieterHolvoet: Weight field access is not checked
Comment almost 2 years ago →
🇧🇪Belgium dieterholvoet Brussels
Status changed to Fixed almost 2 years ago1:29pm 28 April 2023
Comment almost 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024