If displaying a rendered entity in a view, role must have edit permissions to avoid fatal memory exhaustion.

Created on 28 June 2024, 6 months ago
Updated 11 July 2024, 5 months ago

Problem/Motivation

I wrote some twig templates for rendering storage entities to stop myself from loading a bunch of fields and doing stupid rewrites in views of single entities that are related to ones of different types (here's A, the B's in it, and lists of Cs by status) (here's B and the A it belongs to, all the C's in it), (here's a C, then the A and B related to it), etc.

The entities weren't being rendered on a non-admin account, and had a "duh" moment - I needed to give them permission to "View published Storage entities". Doing so led to a long load time and the following error:

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 20480 bytes) in /app/web/core/lib/Drupal/Core/Entity/EntityDisplayBase.php on line 377

I tried a role with intermediary permissions and it worked. Hmm.

Unticking permissions from that role one by one, I found that with only "Edit any Storage entity" and "View published Storage entities" checked would the view load normally. This was a dummy account, if necessary I could create an entity with it and then try "View own published Storage entities".

I definitely don't want that role to be able to edit those entities!

I recognize this module is built around data that isn't displayed directly, but there are permissions for it and I feel like this can't be a unique use case.

These are not editable fields or anything fancy like that, just default form mode.

Steps to reproduce

Load a storage entity type into a views field by adding a "Rendered entity Storage Renders an entity in a view mode" field.

Set the only storage permissions for the role on the account logged in to "Edit any Storage entity" and "View published Storage entities".

View the view.

Uncheck "Edit any Storage entity" so only "View published Storage entities" and check again.

Only having "Edit any Storage entity" leads to the page rendering normally, but the rendered entity fields being invisible.

πŸ› Bug report
Status

Active

Version

1.3

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States erutan

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024