[1.x] Entity Access by Reference Field

Supporting this request. @Grevil is an essential and super reliable member of our Drupal Developer Team since 2 years 6 months now and I'm sure he's eager to follow Drupal (security) best practices!

Clear +1. Also have a look at his profile and the many contrib issues he fixed or helped to fix already. (Even 8 core issues).

Thank you for applying! Reviewers will review the project files, describing what needs to be changed.

Please read Review process for security advisory coverage: What to expect → for more details and Security advisory coverage application checklist → to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.

To reviewers: Please read How to review security advisory coverage applications → , What to cover in an application review → , and Drupal.org security advisory coverage application workflow → .

While this application is open, only the user who opened the application can make commits to the project used for the application.

Reviewers only describe what needs to be changed; they don't provide patches to fix what reported in a review.

Thank you for applying!

Please notice that the purpose of these applications is reviewing a project to understand what the person who applies understands about writing secure code that follows the Drupal coding standards and correctly uses the Drupal API, not what all the project maintainers collectively understand about those points.

In the branch used for this application there are five commits done by another person, out of 20 commits done.

Please see that the 5 commits made by another person all relate to issues. In these issues combined are 33 further commits. Out of these 33 commits, only 3 were made by another person. Only because somebody reviews and merges an issue, doesn't mean they wrote the commit.
Please see for yourself:
https://git.drupalcode.org/project/entity_access_by_reference_field/-/me...
https://git.drupalcode.org/project/entity_access_by_reference_field/-/me...
https://git.drupalcode.org/project/entity_access_by_reference_field/-/me...
https://git.drupalcode.org/project/entity_access_by_reference_field/-/me...
https://git.drupalcode.org/project/entity_access_by_reference_field/-/me...
https://git.drupalcode.org/project/entity_access_by_reference_field/-/me...

I saw who created the merge request, and that is the reason I left the comment. While this application is open, we expect that commits on the project and in the branch used for the application are done from the person who created the application, not from other project maintainers.
Since this point does not seem clear to everybody, I left a comment.

Thanks @apaderno for the clarification. I think this was misunderstood and @Grevil thought the application is blocked by this situation. But you just wanted to point out the details. So all good and this can be proceeded. Thanks :)

@apaderno completely misunderstood you then! I apologize if I sounded rude!

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries → ' post on Responsible maintainers
• Best practices for creating and maintaining projects →
• Maintaining a drupal.org project with Git →
• Commit messages - providing history and credit →
• Release naming conventions → .
• Helping maintainers in the issue queues →

You can find more contributors chatting on the Slack → #contribute channel. So, come hang out and stay involved → .
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review → . I encourage you to learn more about that process and join the group of reviewers.

I thank all the reviewers.

Great Stuff! Thanks a LOT @apaderno! 🤩🎉

Automatically closed - issue fixed for 2 weeks with no activity.