Option to bypass parent entity access check when determining paragraph access

Created on 6 September 2023, over 1 year ago

Problem/Motivation

On our site, we use the Group module to determine which users have access to edit which nodes. Our article content type has a paragraphs field for "Notes". We want users outside of the node's group to be able to add/edit/delete these notes, but not any other fields. We have created a custom display mode with just the Notes field and set up the routing so that any authenticated user can access it, but the Notes paragraph widget within the form is disabled because they don't have permission to actually edit the parent node.

It doesn't seem to be possible to override this using hook_entity_access() because the hook results are OR'ed with the result of ParagraphAccessControlHandler::checkAccess() which returns "forbidden" if the user doesn't have access to edit the parent entity.

Proposed resolution

The attached patch adds a "Bypass Paragraphs parent entity access checks" permission which will skip the portion of ParagraphAccessControlHandler::checkAccess() that checks the parent entity access. If anyone has a better idea for how to accomplish this please let me know!

✨ Feature request
Status

Active

Version

1.15

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States Amerie

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024