Entity queries must explicitly set whether the query should be access checked or not

Created on 13 March 2024, 9 months ago

Updated 15 March 2024, 8 months ago

Problem/Motivation

Drupal 10 requires entity queries to explicitly set the access check.

Steps to reproduce

This line as an example is taken from Like and dislike module:

  /** @var \Drupal\votingapi\VoteResultStorageInterface $vote_result_storage */
  $vote_result_storage = \Drupal::entityTypeManager()->getStorage('vote_result');

  // Get like votes.
  $like = $vote_result_storage->getEntityResults($entity->getEntityTypeId(), $entity->id(), 'like', 'vote_sum');

Execution of the above fails with error:
Drupal\Core\Entity\Query\QueryException: Entity queries must explicitly set whether the query should be access checked or not. See Drupal\Core\Entity\Query\QueryInterface::accessCheck(). in Drupal\Core\Entity\Query\Sql\Query->prepare() (line 141 of /www/web/core/lib/Drupal/Core/Entity/Query/Sql/Query.php).

Proposed resolution

Add explicit access check instruction in entity query, file src/VoteResultStorage.php, method getEntityResults():

    $query = \Drupal::entityQuery('vote_result')
      ->accessCheck(FALSE)
      ->condition('entity_type', $entity_type_id)
      ->condition('entity_id', $entity_id)
      ->condition('type', $vote_type);

🐛 Bug report

Status

Closed: works as designed

Component

Code

Created by

🇮🇪Ireland vbalsys

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @vbalsys
Comment 9 months ago →
🇮🇪Ireland vbalsys
Status changed to Closed: works as designed 8 months ago3:39am 15 March 2024
Comment 8 months ago →
🇺🇸United States tr Cascadia
Already fixed. 🐛 Voting Storages does not check access on entity query Fixed

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024