- Issue created by @hongqing
- πΊπΈUnited States agentrickard Georgia (US)
Are these domains active or inactive?
Inactive domains require special permissions ("Access inactive domains").
public function access(AccountInterface $account) { $domain = $this->domainNegotiator->getActiveDomain(); // No domain, let it pass. if (is_null($domain)) { return AccessResult::allowed()->addCacheTags(['url.site']); } // Active domain, let it pass. if ($domain->status()) { return AccessResult::allowed()->addCacheTags(['url.site']); } // Inactive domain, require permissions. else { $permissions = ['administer domains', 'access inactive domains']; $operator = 'OR'; return AccessResult::allowedIfHasPermissions($account, $permissions, $operator)->addCacheTags(['url.site']); } }
In general, I would *not* should this information to anonymous users, as it could be considered an information disclosure security leak, depending on your site's needs.
- π¨π³China hongqing
@agentrickard Thanks for your prompt reply. These domains are active. It will not show the domain access directly to anonymous users, it will show a
View Conditional
field, whereDomain Access
is the condition. - πΊπΈUnited States agentrickard Georgia (US)
I suspect this may be due to the fact that Domains are not stored in the database -- they are config objects -- and the View Conditional doesn't know how to load them.
I would be interested to know what query is being run to try to generate that output.
- π¨π³China hongqing
@agentrickard Thanks for your help. Finally, I find it is a permission issue. I have to grant anonymous users the permission "View all registered domains in the administration list", while the permission "View assigned domains in the administration list" is not enough for anonymous users to view the domains that the content is assigned to. I am not sure if there is a security issue to give anonymous users such permission.
- πΊπΈUnited States agentrickard Georgia (US)
It is not a security issue _per se_ since you have explicitly granted it. There are lots of bad permissions one can give anon users in Drupal.
What are you printing here?
- π¨π³China hongqing
I did not print Domain Access to the anonymous users directly. It is hidden and used as the condition of
View Conditional
field, Therefore, the web can show different page title for each domain. - πΊπΈUnited States agentrickard Georgia (US)
Interesting....
Everything working as expected? If so, please close this issue.
- πΊπΈUnited States bsnodgrass
Reviewing for π Documentation for 2.0.x Active . Relating this issue.
- Status changed to Closed: works as designed
6 months ago 11:26am 28 June 2024