Entity access by field ignores 'view any unpublished content' permission

Created on 14 February 2024, 9 months ago

Problem/Motivation

EntityAccessHelper::entityAccessCheck() in open social submodule "entity_Access_by_field" only checks for "view own unpublished content" and admin permission (in case of nodes: "administer content") but skips checking for the "view any unpublished content" permission. In my case I have an editor role which should be allowed to view any unpublished content, but not to administer nodes, but does not work because of missing check for the specific permission.

Proposed resolution

Add check for "view any unpublished content" and return neutral access result.

📌 Task

Status

Needs review

Version

11.11

Component

Code (back-end)

Created by

🇩🇪Germany Duwid

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @Duwid
Comment 9 months ago →
🇩🇪Germany Duwid
Comment about 1 month ago →
🇳🇱Netherlands djschoone Breda
Thanks. Your patch fixes my use case. Very sane check.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024