Wrong way to check Node constraint validation

Open on Drupal.org →

Created on 24 April 2024, about 1 year ago

Problem/Motivation

When creating an OpenAgenda node, constraint validation is made by calling the hasPermission from openagenda sdk. That method calls "/v2/me/agendas" endpoint which needs admin rights. But a given public key may be able to fetch events from public agenda without needing to have admin rights.

Proposed resolution

Try to get at least the first event when validating OpenAgenda node to ensure read right is ok.

🐛 Bug report

Status

Active

Version

3.4

Component

Code

Created by

🇫🇷France sgostanyan

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @sgostanyan
Comment about 1 year ago →
🇫🇷France sgostanyan
Comment about 1 year ago →
🇫🇷France sgostanyan
Status changed to Needs review about 1 year ago12:38pm 24 April 2024
Comment about 1 year ago →
🇫🇷France sgostanyan
Status changed to RTBC about 1 month ago3:03pm 28 April 2025
Comment about 1 month ago →
🇫🇷France pacproduct
@sgostanyan's patch in #2 solved a fatal error I had when submitting an open agenda content type:

Uncaught PHP Exception TypeError: "OpenAgendaSdk\OpenAgendaSdk::hasPermission(): Argument #1 ($agendaUid) must be of type int, string given, called in /var/www/public/modules/contrib/openagenda/src/Plugin/Validation/Constraint/OpenagendaPermissionValidator.php on line 42

Thanks!

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024