- Issue created by @Odai Atieh
- πΊπΈUnited States partdigital
Hi Odai,
This sounds relatively similar to a fix that was pushed last week. Does it still happen if you upgrade to the latest dev version?
- π―π΄Jordan Odai Atieh Amman
Hi Joshua,
I've upgraded the module to dev, but I'm facing another issue, now I can't see all needed rules for all fields. I just can find 2 of them.
Is there any change should I do before adding them?
- π―π΄Jordan Odai Atieh Amman
Also, I checked your commit here https://git.drupalcode.org/project/access_policy/-/commit/4685b80fe83f3b... but it didn't work.
- πΊπΈUnited States partdigital
I've upgraded the module to dev, but I'm facing another issue, now I can't see all needed rules for all fields. I just can find 2 of them.
I pushed up a change in beta6 that limited entity reference access rules to only fields that configured identically. For example, the Department taxonomy term field needs to have the same bundles selected for both the user and node fields. I added this in because it was adding a lot of fields that didn't do anything otherwise. Did you take a look at your entity reference fields to make sure they had the same bundles selected?
The ignore issue will require some more investigation. In the meantime there are a few workarounds that you can try.
- Break up your access rules across two access policies and group them into a Selection set. This allows you to assign two policies at the same time using OR logic. This is will have the same effect and should resolve the issue.
- You can create your own AccessRuleQueryHandler and modify the query.
For example, you can modify the annotation of the access rule and replace it with your own handler.
function mymodule_access_rule_alter(&$definitions). { $definitions['entity_field_entity_reference']['handlers']['query_alter'] = '\Drupal\mymodule\AccessRuleQueryHandler\MyQueryHandler'; } - π―π΄Jordan Odai Atieh Amman
Did you take a look at your entity reference fields to make sure they had the same bundles selected?
Yes, but for the node fields I used "filter by an entity reference view" to apply some restrictions so I think this breaks the rules in the access policy.
You can create your own AccessRuleQueryHandler and modify the query.
I've tried to add some changes to
queryIgnoreEmptyto add or group to get all entities that have the rules field empty, but it didn't work. I'll check AccessRuleQueryHandler as you recommended. - π―π΄Jordan Odai Atieh Amman
Break up your access rules across two access policies and group them into a Selection set. This allows you to assign two policies at the same time using OR logic. This will have the same effect and should resolve the issue.
I've tried the above suggestion, but didn't work. E.g. in case I selected department x and the location field was empty for a node, and the user was not in department x, then the node will be accessible. I think this is happened because the location field in the node was empty and the location rule was set to ignore empty values. which will add the user's locations to the query and allow empty value. So, the location policy will allow the user to access the node.
- πΊπΈUnited States partdigital
Did you try something like this?
Department policy
- Access rule: Department taxonomy term, empty value is set to deny
- Selection rule: Department field is not empty
- Selection set: Restricted
Location policy
- Access rule: Location taxonomy term, empty value is set to deny
- Selection rule: Location field is not empty
- Selection set: Restricted
If no value is provided for the Location field or the Department field it wonβt assign any policy and it will be accessible to everyone.
Yes, but for the node fields I used "filter by an entity reference view" to apply some restrictions so I think this breaks the rules in the access policy.
I've been able to reproduce this and will open a new ticket to address it.
- π―π΄Jordan Odai Atieh Amman
If no value is provided for the Location field or the Department field it wonβt assign any policy and it will be accessible to everyone.
Did you mean that if the location field or the department field is empty in the node or the user profile? because I'm talking about case if the fields were empty in the node not in the user profile.
and I'll try the suggested polices.