Module functionality fails because it uses parent's getAccessValues

Created on 8 February 2024, 9 months ago

Updated 22 February 2024, 9 months ago

Problem/Motivation

DomainRoleAccessManager implements a service that decorates the Domain's domain_access.manager. This means when Domain want's to check access DomainRoleAccessManager is used.

DomainRoleAccessManager extends the DomainAccessManager (the class that originally implements domain_access.manager service).
DomainRoleAccessManager does two things: overwrite getAccessValues with its own code and overwrite checkEntityAccess and hasDomainPermissions calling the parent:

  public function checkEntityAccess(FieldableEntityInterface $entity, AccountInterface $account) {
    return $this->parent->checkEntityAccess($entity, $account);
  }

  public function hasDomainPermissions(AccountInterface $account, DomainInterface $domain, array $permissions, $conjunction = 'AND') {
    return $this->parent->hasDomainPermissions($account, $domain, $permissions, $conjunction);
  }

So, when any code is using the domain_access.manager service and calls checkEntityAccess or hasDomainPermissions functions the functions of the parents (aka DomainAccessManager) are called. What's the problem? The parent knows nothing about the child DomainRoleAccessManager, so when inside parent's checkEntityAccess and hasDomainPermissions all calls to DomainAccessManager::getAccessValues instead of DomainRoleAccessManager::getAccessValues. This means that in such calls the DomainRoleAccessManager funcitonlaity is not taken into account.

Steps to reproduce

Create a new a domain (secondary)
Create a secondary_domain_role
Create a content A that is attached to the secondary domain
Create a user that has no access to the secondary domain but has the secondary_domain_role
Configure the secondary_domain_role to have access to secondary domain
Try to access to the A content with the created user: access denied is displayed but user should have access through the role configuration

Proposed resolution

Remove checkEntityAccess and hasDomainPermissions in DomainRoleAccessManager so they don't call the parent. Thanks to PHP polymorphism the parent will called but inside the parent the child's getAccessValues method will be called.

Remaining tasks

Create MR.

User interface changes

None.

API changes

checkEntityAccess and hasDomainPermissions removed from DomainRoleAccessManager. However, no problem because they are still present in DomainRoleAccessManager through inheritance.

Data model changes

None.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇪🇸Spain tunic Madrid

Live updates comments and jobs are added and updated live.

Merge Requests

!2Module functionality fails because it uses parent's getAccessValues
Merged
🇪🇸Spain tunic
updated 9 months ago

Comments & Activities

Issue created by @tunic
Merge request !2Module functionality fails because it uses parent's getAccessValues → (Merged) created by tunic
Comment 9 months ago →
🇪🇸Spain tunic Madrid
Changed MR to merge to 2.x branch where 2.0.0 release is being cooked.

See 📌 Release 2.0.0 Active .
Comment 9 months ago →
🇪🇸Spain tunic Madrid
I'm merging this because branch 2.x is development branch and should not do any harm (at least until a new release).

@anrkaid, if you see any problem please comment it here, thanks!

Comment 9 months ago →

System Message

tunic → committed 433b4e46 on 2.x

Issue #3420006: Remove method so parent's implementation is usd instead

Status changed to Fixed 9 months ago11:22am 8 February 2024
Comment 9 months ago →
🇪🇸Spain tunic Madrid
Fixed in the 2.x branch.
Comment 9 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024