Entity queries must explicitly set whether the query should be access c

Created on 22 April 2024, 5 months ago
Updated 23 April 2024, 5 months ago

Problem/Motivation

When saving, the following error occurs:

Drupal\Core\Entity\Query\QueryException: Entity queries must explicitly set whether the query should be access checked or not. See Drupal\Core\Entity\Query\QueryInterface::accessCheck().

Steps to reproduce

  • Update to Drupal 10
  • Try to save the config

Description
The \Drupal\Core\Entity\Query\QueryInterface::accessCheck() allows developers to specify whether only content entities that the current user has view access for should be returned when the query is executed. Although all entity queries support this method, core only actually implements access checking on the results for content entities that use sql-storage.

If ::accessCheck() is not called, then the query defaults to checking access, i.e. behaves as if ::accessCheck(TRUE) had been called. This behavior has been the source of many bugs, as it is easy for developers to forget that this happens.

In Drupal 9.2, not calling ::accessCheck() has been deprecated, and all entity queries on content entities should always include an explicit call to ::accessCheck() prior to the query being executed. For Drupal 10 this will be enforced by throwing an exception if ::accessCheck() is not called.

🐛 Bug report
Status

Needs review

Version

3.8

Component

Code

Created by

🇭🇷Croatia Marijan Gudelj
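
An added example, not part of the issue or the module's code: a heuristic Python scan of PHP source for the situation the description covers. It reports entity queries that reach execute() without accessCheck(), and queries that pass FALSE and so skip view-access filtering. The function names and the PHP sample are constructed for illustration.

```python
import re

# Calls that begin an entity query in Drupal PHP code.
QUERY_START = re.compile(
    r"(?:->\s*get(?:Aggregate)?Query|::\s*entityQuery(?:Aggregate)?)\s*\(")
EXECUTE = re.compile(r"->\s*execute\s*\(")
ACCESS_CHECK = re.compile(r"->\s*accessCheck\s*\(\s*([^)]*?)\s*\)")

def find_entity_queries(php_source):
    """Return (line, status) per entity query found in php_source.

    status is 'missing' when no accessCheck() call appears between the
    query being created and the next execute(); otherwise it is the
    argument as written ('TRUE', 'FALSE', ...). Heuristic text scan,
    not a PHP parser.
    """
    findings = []
    for start in QUERY_START.finditer(php_source):
        end = EXECUTE.search(php_source, start.end())
        stop = end.start() if end else len(php_source)
        call = ACCESS_CHECK.search(php_source, start.end(), stop)
        line = php_source.count("\n", 0, start.start()) + 1
        if call is None:
            status = "missing"
        else:
            status = call.group(1) or "TRUE"  # accessCheck() defaults to TRUE
        findings.append((line, status))
    return findings

def needs_attention(php_source):
    """Queries that throw on Drupal 10 ('missing') or skip view-access
    filtering ('FALSE'), which should be a deliberate, reviewed choice."""
    return [(line, s) for line, s in find_entity_queries(php_source)
            if s == "missing" or s.upper() == "FALSE"]

# Constructed sample, not taken from the module in this issue.
SAMPLE = r'''<?php
$ids = \Drupal::entityQuery('node')
  ->condition('type', 'article')
  ->execute();
$query = \Drupal::entityTypeManager()->getStorage('node')->getQuery();
$query->accessCheck(TRUE)->condition('status', 1);
$shown = $query->execute();
$all = \Drupal::entityQuery('user')->accessCheck(FALSE)->execute();
'''

if __name__ == "__main__":
    for line, status in needs_attention(SAMPLE):
        print(f"line {line}: accessCheck {status}")
```

A query whose results are shown to the current user belongs with accessCheck(TRUE); accessCheck(FALSE) fits code that must see every entity regardless of who triggered it.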
