- Issue created by @john pitcairn
I have a view that displays microcontent fields, including the revision_log field.
The microcontent revision_log field in a views row is not visible to content editors unless they have the "edit own [type] microcontent" or "edit any [type] microcontent" permission (the latter if they do not own the microcontent item). This is an undesirable privilege elevation.
EntityAccessControlHandler::checkfieldAccess() switches the operation to "view revision" if the field being checked is a revision log field. MicrocontentAccessHandler::checkAccess() does not recognise that operation and returns neutral, so EntityAccessControlHandler::checkfieldAccess() switches the operation to "update" and tries again. Access to the field is denied if the user does not have edit permission.
Microcontent should explicitly support the "view revision" access operation, checking an associated "view all microcontent revisions" permission.
Active
Code