Per-bundle view permissions are not checked for unpublished entities

Created on 14 May 2024, 7 months ago

Problem/Motivation

Users with a bundle-specific view permission on unpublished entities (e.g. « View unpublished Alert Storage entities. ») obtain a 403 error when trying to visit /storage/{storage_id} (when the « Allow direct viewing of entities » option is enabled in the storage type edit form) or /storage/{storage_id}/translations. The dblog event states that « The 'view unpublished storage entities' permission is required. », which shows the bundle-specific permission is not checked.

Proposed resolution

Add per-bundle permission checks for unpublished entities in the StorageAccessControlHandler.

🐛 Bug report

Status

Needs review

Version

1.3

Component

Code

Created by

🇫🇷France yohansenso
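
The access decision described in the report, modelled in plain PHP as an added example (not the module's StorageAccessControlHandler code): it compares the reported behaviour with the proposed one and checks that a permission for a different bundle still does not grant access. The per-bundle permission name pattern and the `notice` bundle are assumptions; only 'view unpublished storage entities' appears on the page.

```php
<?php
// Added example: plain-PHP model of the access decision, not the module's code.
// ASSUMPTION: the per-bundle permission name follows the pattern below; only
// 'view unpublished storage entities' appears on the page (in the dblog message).
const GENERIC_PERM = 'view unpublished storage entities';

function bundlePerm(string $bundle): string {
  return "view unpublished $bundle storage entities"; // hypothetical machine name
}

// Behaviour reported in the issue: only the generic permission is honoured.
function accessBefore(array $perms, string $bundle): bool {
  return in_array(GENERIC_PERM, $perms, true);
}

// Proposed resolution: generic OR the permission for this entity's own bundle.
function accessAfter(array $perms, string $bundle): bool {
  return in_array(GENERIC_PERM, $perms, true)
    || in_array(bundlePerm($bundle), $perms, true);
}

// Constructed cases: [label, permissions held, entity bundle, expected result].
$cases = [
  ['generic permission',         [GENERIC_PERM],         'alert', true],
  ['matching bundle permission', [bundlePerm('alert')],  'alert', true],
  ['other bundle permission',    [bundlePerm('notice')], 'alert', false],
  ['no permission',              [],                     'alert', false],
];

foreach ($cases as [$label, $perms, $bundle, $expected]) {
  $before = accessBefore($perms, $bundle);
  $after = accessAfter($perms, $bundle);
  printf("%-28s before=%-5s after=%-5s %s\n", $label,
    var_export($before, true), var_export($after, true),
    $after === $expected ? 'ok' : 'MISMATCH');
}
```

In a real handler the same matrix belongs in a kernel or functional test that also covers the /storage/{storage_id}/translations route named in the report.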
