UserAccessControlHandler is replaced by EntityAccessControlHandler in getHandler()

Created on 22 June 2023, over 1 year ago
Updated 9 May 2024, 7 months ago

Problem/Motivation

Currently, the decorated EntityTypeManager replaces UserAccessControlHandler with the EntityAccessControlHandler, where the user handler has its own overridden checkAccess, checkFieldAccess methods.

Proposed resolution

Create a separate pach/UserAccessControlHandler which extends core UserAccessControlHandler.

Remaining tasks

N/A

User interface changes

N/A

API changes

N/A

Data model changes

N/A

🐛 Bug report
Status

Fixed

Version

10.0

Component

Code

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @volodymyr.umanets
  • Status changed to Postponed: needs info over 1 year ago
  • 🇩🇪Germany stborchert

    Can you give a concrete example of what is not working right now? pach should decorate the UserAccessControlHandler as well as any other access handler.

  • Status changed to Closed: cannot reproduce 11 months ago
  • 🇩🇪Germany stborchert

    Hey @volodymyr.umanets. While adding tests to the latest version I noticed some error when decorating UserAccessControlHandler. Maybe these are the reason for your issue ... could you please try version 2.0.3 (or 10.0.0 if you are already on Drupal 10.2).

  • Hi @stBorchert

    I didn't work on that project recently, so I tried to update Drupal up to latest 10.2.5 version so I could use latest 10.0.0 pach module.
    Unfortunately, I still see the issue here.

    So the issue is that your module decorates all entities with the same Handler, see the function EntityTypeManager::getHandler line
    $class = 'Drupal\pach\Entity\EntityAccessControlHandler';
    then class EntityAccessControlHandler extends CoreEntityAccessControlHandler
    but if u check User entity, it has own UserAccessControlHandler which u totally skip:
    class UserAccessControlHandler extends EntityAccessControlHandler

    That leads us to the issue when for instance we can see disabled profile fields, see my screen:

  • Status changed to Postponed: needs info 7 months ago
  • 🇩🇪Germany stborchert

    Hey.
    Drupals UserAccessControlHandler overrides tow methods of EntityAccessControlHandler: checkAccess() and checkFieldAccess(). Both methods are not overridden by the entity access control handler defined by pACH so pACH doesn't change anything defined in UserAccessControlHandler.
    Do you have other modules installed controlling access to entities? In your screenshot I see "domain_alias" for example ... Could you please post some more details about your setup?

  • @stBorchert But your entity type manager just replaces the handler of User entity:

    $entity_type = 'user'
    $class = 'Drupal\pach\Entity\EntityAccessControlHandler';
    $this->handlers[$handler_type][$entity_type] = $this->createHandlerInstance($class, $definition);

    Yes, you don't override those methods, but you also don't use core UserAccessControlHandler class anymore, instead, your own $class is used.

  • Status changed to Active 7 months ago
  • 🇩🇪Germany stborchert

    Ok, I see. UserAccessControlHandler is not replaced entirely, but my service is decorating Drupal\Core\Entity\EntityAccessControlHandler. It only wraps some of its methods and adds some functionality.

    Unfortunately, in case an AccessControlHandler extending the core EntityAccessControlHandler overrides a function that exists in Drupal\Core\Entity\EntityAccessControlHandler it wouldn't be called after decorating.

    Hm, I need to think about a while and search for a way to call the extending classes method.

  • Merge request !2Resolve #3368829 "Use original methods" → (Merged) created by stborchert
  • Status changed to Needs review 7 months ago
  • 🇩🇪Germany stborchert

    Hey @volodymyr.umanets. I've made some changes and pushed it into MR 2. Could you please review the changes and test if that works for you?

  • Hi @stBorchert, the fix seems to work fine.

  • 🇩🇪Germany stborchert

    Great.
    I'll try to add some more tests to catch some edge cases and will merge the changes.

  • Status changed to Fixed 7 months ago
  • 🇩🇪Germany stborchert

    Woah ... while adding some tests I noticed something way really off. So I had to rewrite some parts of the AccessHandler 🙈

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024