Fix filtering on Node's Authored by field (and on other entity reference fields)

Created on 17 January 2025, 3 months ago

Problem/Motivation

See attached video.

Steps to reproduce

Proposed resolution

Override \Drupal\user\Plugin\EntityReferenceSelection\UserSelection::getReferenceableEntities() and make sure entity access check ($entity->access('view label')) is called on results before they are returned.

(Assuming that there is no efficient way to filter out users at the query level in \Drupal\user\Plugin\EntityReferenceSelection\UserSelection::buildEntityQuery()

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

1.0

Component

Code

Created by

🇭🇺Hungary mxr576 Hungary

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @mxr576
Comment 3 months ago →
🇺🇸United States greggles Denver, Colorado, USA
Can you update the IS with the permissions for the user that makes this a bug? And maybe what happens if that user goes to user/1

It seems like an uncommon configuration to be able to set privileged fields like author of a node and not see usernames, but the behavior should be consistent if that configuration does happen.
Comment 3 months ago →
🇭🇺Hungary mxr576 Hungary
updated IS
Comment 3 months ago →
🇭🇺Hungary mxr576 Hungary
Comment 8 days ago →
🇭🇺Hungary mxr576 Hungary

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024