- Issue created by @Bobik
- Merge request !13Issue #3436447: Entity queries must explicitly set whether the query should be... → (Open) created by Unnamed author
- last update
3 months ago 10 pass - 🇮🇳India Raveen Kumar
@bobi, you're calling the accessCheck() method without passing any arguments. By default, Drupal will perform access checking if you don't specify anything, so calling ->accessCheck() without arguments is equivalent to ->accessCheck(TRUE)
- Status changed to Needs review
3 months ago 12:23pm 27 March 2024 - last update
3 months ago 10 pass - Status changed to Postponed: needs info
3 months ago 2:13pm 27 March 2024 - 🇺🇸United States TR Cascadia
Look at the code - accessCheck() is already in there and has been in there for a long time. How did you get this error?
- Issue was unassigned.
- Status changed to Needs review
3 months ago 7:01pm 27 March 2024 - 🇺🇦Ukraine Bobik
Hi
@Raveen Thakur
The method accessCheck() has the default value TRUE
@see web/core/lib/Drupal/Core/Entity/Query/QueryInterface.php
If you didn't have any parameters access checking will enabled@TR
I've chacked once again my site and the Voting API module. I using the 8.x-3.0-beta4 version. In this version the getEntityResults() method doesn't have call the accessCheck() method. Also, I've checked the dev version of the module. The accessCheck() really exists in it. It something strange why these changes didn't include the latest release of the module. The patch is solving the problem to the next release - 🇬🇧United Kingdom aaron.ferris
Also noticing this issue, by way of the like_and_dislike module.
The access check is there for VoteStorage, but not VoteResultStorage unless im missing something. This patch is for VoteResultStorage.
- Status changed to Closed: works as designed
2 months ago 2:40pm 16 April 2024 - 🇺🇸United States TR Cascadia
That's not how Deepak works. Beta4 can't be changed my dudes go in -dev, and -dev is already correct in this case.
- 🇬🇧United Kingdom aaron.ferris
This change isn't in -dev, or -beta.
Dev
/** * Storage class for vote entities. * * This extends the \Drupal\entity\EntityDatabaseStorage class, adding * required special handling for vote entities. */ class VoteResultStorage extends SqlContentEntityStorage implements VoteResultStorageInterface { /** * {@inheritdoc} */ public function getEntityResults($entity_type_id, $entity_id, $vote_type, $function) { $query = \Drupal::entityQuery('vote_result') ->condition('entity_type', $entity_type_id) ->condition('entity_id', $entity_id) ->condition('type', $vote_type); if (!empty($function)) { $query->condition('function', $function); } $query->sort('type'); $query->accessCheck(TRUE); $vote_ids = $query->execute(); return VoteResult::loadMultiple($vote_ids); } }