- Issue created by @JonMcL
I'm a little confused. I really like the idea of using the entity.query_access events to alter queries for entity access control, but I'm confused by the current implementation of EventOnlyQueryAccessHandler and its getConditions method.
  /**
   * {@inheritdoc}
   */
  public function getConditions($operation, AccountInterface $account = NULL) {
    $account = $account ?: $this->currentUser;
    $entity_type_id = $this->entityType->id();
    $conditions = new ConditionGroup('OR');
    // Allow other modules to modify the conditions before they are used.
    $event = new QueryAccessEvent($conditions, $operation, $account, $entity_type_id);
    $this->eventDispatcher->dispatch($event, 'entity.query_access');
    $this->eventDispatcher->dispatch($event, "entity.query_access.{$entity_type_id}");
    return $conditions;
  }
Why does this function use $conditions = new ConditionGroup('OR'); and not $conditions = new ConditionGroup('AND');?
I end up replacing this handler with my own, primarily to change the OR to an AND. If this is intended to limit access to entities, based on additional conditions, shouldn't those conditions be added with AND conjunctions?
Or, you know, I am using it wrong. Very possible. :)
Active
1.4
Core integration
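An added example, not the poster's or the Entity API project's code: a subscriber that keeps AND semantics for its own restrictions by nesting them in a single AND group before attaching it to the OR root from the handler quoted above. The module name `my_module`, the entity type `my_entity`, and the fields `status` and `uid` are assumptions. Because the root stays an OR group, anything another subscriber adds to it is still ORed with this group.

```php
<?php

namespace Drupal\my_module\EventSubscriber;

use Drupal\entity\QueryAccess\ConditionGroup;
use Drupal\entity\QueryAccess\QueryAccessEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

/**
 * Restricts listings of the hypothetical "my_entity" entity type.
 */
class MyEntityQueryAccessSubscriber implements EventSubscriberInterface {

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    // Per-entity-type event name, following the pattern in the quoted handler.
    return ['entity.query_access.my_entity' => 'onQueryAccess'];
  }

  /**
   * Adds one nested AND group to the root conditions.
   */
  public function onQueryAccess(QueryAccessEvent $event) {
    if ($event->getOperation() !== 'view') {
      return;
    }
    $account = $event->getAccount();
    // This is the ConditionGroup('OR') created in getConditions().
    $root = $event->getConditions();

    // Both restrictions must hold together. Added directly to the OR root,
    // either one alone would be enough to match a row.
    $restrict = new ConditionGroup('AND');
    $restrict->addCondition('status', 1);
    $restrict->addCondition('uid', $account->id());
    $root->addCondition($restrict);

    // The result depends on the account, so vary cached results per user.
    $root->addCacheContexts(['user']);
  }

}
```

The class takes effect once it is registered as a service tagged `event_subscriber` in the module's services file.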