Module functionality fails because it uses parent's getAccessValues

Created on 8 February 2024, 10 months ago
Updated 22 February 2024, 10 months ago

Problem/Motivation

DomainRoleAccessManager implements a service that decorates the Domain's domain_access.manager. This means when Domain want's to check access DomainRoleAccessManager is used.

DomainRoleAccessManager extends the DomainAccessManager (the class that originally implements domain_access.manager service).
DomainRoleAccessManager does two things: overwrite getAccessValues with its own code and overwrite checkEntityAccess and hasDomainPermissions calling the parent:

  public function checkEntityAccess(FieldableEntityInterface $entity, AccountInterface $account) {
    return $this->parent->checkEntityAccess($entity, $account);
  }

  public function hasDomainPermissions(AccountInterface $account, DomainInterface $domain, array $permissions, $conjunction = 'AND') {
    return $this->parent->hasDomainPermissions($account, $domain, $permissions, $conjunction);
  }

So, when any code is using the domain_access.manager service and calls checkEntityAccess or hasDomainPermissions functions the functions of the parents (aka DomainAccessManager) are called. What's the problem? The parent knows nothing about the child DomainRoleAccessManager, so when inside parent's checkEntityAccess and hasDomainPermissions all calls to DomainAccessManager::getAccessValues instead of DomainRoleAccessManager::getAccessValues. This means that in such calls the DomainRoleAccessManager funcitonlaity is not taken into account.

Steps to reproduce

  1. Create a new a domain (secondary)
  2. Create a secondary_domain_role
  3. Create a content A that is attached to the secondary domain
  4. Create a user that has no access to the secondary domain but has the secondary_domain_role
  5. Configure the secondary_domain_role to have access to secondary domain
  6. Try to access to the A content with the created user: access denied is displayed but user should have access through the role configuration

Proposed resolution

Remove checkEntityAccess and hasDomainPermissions in DomainRoleAccessManager so they don't call the parent. Thanks to PHP polymorphism the parent will called but inside the parent the child's getAccessValues method will be called.

Remaining tasks

Create MR.

User interface changes

None.

API changes

checkEntityAccess and hasDomainPermissions removed from DomainRoleAccessManager. However, no problem because they are still present in DomainRoleAccessManager through inheritance.

Data model changes

None.

🐛 Bug report
Status

Fixed

Version

1.0

Component

Code

Created by

🇪🇸Spain tunic Madrid

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024