Document that EntityAccessControlHandler::checkFieldAccess returns AccessResultAllowedByDefault

Created on 13 December 2023, over 1 year ago

Problem/Motivation

EntityAccessControlHandler::checkFieldAccess always returns allowed

This means that all fields are editable if the user has 'update' access to the entity.

We should document this as it could catch people out.

This was originally posted on security.drupal.org but cleared for a public issue by the security team

Steps to reproduce

Proposed resolution

Add additional documentation to \Drupal\Core\Field\FieldItemList::access and EntityAccessControlHandler::checkFieldAccess

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

๐Ÿ“Œ Task
Status

Active

Version

11.0 ๐Ÿ”ฅ

Component
Entityย  โ†’

Last updated about 20 hours ago

  • Maintained by
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom @catch
  • ๐Ÿ‡จ๐Ÿ‡ญSwitzerland @berdir
  • ๐Ÿ‡ฉ๐Ÿ‡ชGermany @hchonov
Created by

๐Ÿ‡ฆ๐Ÿ‡บAustralia larowlan ๐Ÿ‡ฆ๐Ÿ‡บ๐Ÿ.au GMT+10

Live updates comments and jobs are added and updated live.
  • Novice

    It would make a good project for someone who is new to the Drupal contribution process. It's preferred over Newbie.

  • Documentation

    Primarily changes documentation, not code. For Drupal core issues, select the Documentation component instead of using this tag. In general, component selection is preferred over tag selection.

Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024