Domain Access field access resolved wrong in domain_entity_entity_field_access

Created on 8 August 2024, 6 months ago

Problem/Motivation

Drupal 10.3
Domain 2.0.0-beta1

The Domain Access field is always visible, regardless of the chosen behavior (BEHAVIOR_AUTO/BEHAVIOR_USER).

Steps to reproduce

1. Log in as Editor (any non-superuser role).
2. Make sure that the editor has the permission "Publish content to any assigned domain" or "Publish to any domain".
3. Create Content type A.
4. Go to /admin/config/domain/entities/node
5. Enable domain entity access. Choose BEHAVIOR_AUTO for the domain access field.
Note: BEHAVIOR_AUTO == Affiliate automatically created entity to a value (no widget on entity creation form, auto-assignation).
6. Open form to create new node of A content type.

Result: domain access field is visible.
Expected Result: domain access field is hidden.

Proposed resolution

The function domain_entity_entity_field_access always returns neutral or allowed access, but never forbidden.

Current implementation:

  if ($field_definition->getName() === DomainEntityMapper::FIELD_NAME && $operation == 'edit') {
    /** @var \Drupal\field\Entity\FieldConfig $field_definition */
    $behavior = $field_definition->getThirdPartySetting('domain_entity', 'behavior', DomainEntityMapper::BEHAVIOR_AUTO);
    $access = AccessResult::allowedIfHasPermission($account, 'set domain access status for all entities');
    $access = $access->orIf(AccessResult::allowedIf($behavior == DomainEntityMapper::BEHAVIOR_USER));
    $access->addCacheableDependency($field_definition);
    // @todo Add remaining conditions.
    return $access;
  }
  return AccessResult::neutral();

Proposal 1:

  if ($field_definition->getName() === DomainEntityMapper::FIELD_NAME && $operation == 'edit') {
    /** @var \Drupal\field\Entity\FieldConfig $field_definition */
    $behavior = $field_definition->getThirdPartySetting('domain_entity', 'behavior', DomainEntityMapper::BEHAVIOR_AUTO);
    $access = AccessResult::allowedIfHasPermission($account, 'set domain access status for all entities');
    $access = $access->orIf(AccessResult::allowedIf($behavior == DomainEntityMapper::BEHAVIOR_USER));

    // @todo Add remaining conditions.
    // Carry over the cacheability of $access (for example the user.permissions
    // cache context) so the forbidden/neutral result still varies per permission.
    return AccessResult::forbiddenIf(!$access->isAllowed())
      ->addCacheableDependency($access)
      ->addCacheableDependency($field_definition);
  }
  return AccessResult::neutral();

Proposal 2:

Note: not sure about mixing allowedIf and forbiddenIf in one OR condition, but tested and it works.

  if ($field_definition->getName() === DomainEntityMapper::FIELD_NAME && $operation == 'edit') {
    /** @var \Drupal\field\Entity\FieldConfig $field_definition */
    $behavior = $field_definition->getThirdPartySetting('domain_entity', 'behavior', DomainEntityMapper::BEHAVIOR_AUTO);
    $access = AccessResult::allowedIfHasPermission($account, 'set domain access status for all entities');
    $access = $access->orIf(AccessResult::forbiddenIf($behavior == DomainEntityMapper::BEHAVIOR_AUTO));
    $access->addCacheableDependency($field_definition);
    // @todo Add remaining conditions.
    return $access;
  }
  return AccessResult::neutral();
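The three variants above can be compared with a small model of the tri-state OR rule. This is an added example in plain PHP, not code from the Domain module or Drupal core; all function names are hypothetical. It assumes only BEHAVIOR_AUTO and BEHAVIOR_USER exist, and that core combines the hook result with an allowed default using the same rule as AccessResult::orIf() (forbidden wins, then allowed, else neutral).

```php
<?php
// Plain-PHP model (not Drupal code) of AccessResult's three states.
const ALLOWED = 'allowed';
const NEUTRAL = 'neutral';
const FORBIDDEN = 'forbidden';

// Models AccessResult::orIf(): forbidden in either operand wins,
// otherwise allowed in either operand wins, otherwise neutral.
function or_if(string $a, string $b): string {
  if ($a === FORBIDDEN || $b === FORBIDDEN) return FORBIDDEN;
  if ($a === ALLOWED || $b === ALLOWED) return ALLOWED;
  return NEUTRAL;
}
function allowed_if(bool $cond): string { return $cond ? ALLOWED : NEUTRAL; }
function forbidden_if(bool $cond): string { return $cond ? FORBIDDEN : NEUTRAL; }

// $perm: account has 'set domain access status for all entities'.
// $auto: field behavior is BEHAVIOR_AUTO (assumption: otherwise BEHAVIOR_USER).
function current_impl(bool $perm, bool $auto): string {
  return or_if(allowed_if($perm), allowed_if(!$auto));
}
function proposal_1(bool $perm, bool $auto): string {
  $access = or_if(allowed_if($perm), allowed_if(!$auto));
  return forbidden_if($access !== ALLOWED);
}
function proposal_2(bool $perm, bool $auto): string {
  return or_if(allowed_if($perm), forbidden_if($auto));
}

// Assumption: field access starts from an allowed default that is OR-combined
// with the hook result, so only a forbidden hook result hides the field.
function field_visible(string $hook_result): bool {
  return or_if(ALLOWED, $hook_result) === ALLOWED;
}

foreach ([[false, true], [true, true], [false, false], [true, false]] as [$perm, $auto]) {
  foreach (['current_impl', 'proposal_1', 'proposal_2'] as $variant) {
    $hook = $variant($perm, $auto);
    printf("%-12s perm=%-3s behavior=%-4s hook=%-9s field %s\n", $variant,
      $perm ? 'yes' : 'no', $auto ? 'AUTO' : 'USER', $hook,
      field_visible($hook) ? 'visible' : 'hidden');
  }
}
```

The row to check is perm=yes with BEHAVIOR_AUTO: under this model Proposal 1 leaves the field visible to a user holding the permission, while Proposal 2 hides it because forbidden overrides allowed in the OR.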

User interface changes

none

API changes

none

Data model changes

none

🐛 Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

🇺🇦 Ukraine Anna D
