- Issue created by @m.stenta
- πΊπΈUnited States m.stenta
I'm not sure if this should be considered a "breaking change". Technically it is a bug that allows entities to be deleted that shouldn't be.
In either case, I'm planning on starting a 2.x branch to drop support for Drupal 9 and add support for Drupal 11, so I'll make this change in there so it's part of a 2.0.0 release.
- πΊπΈUnited States m.stenta
I haven't tested this to confirm, but it seems to be the case looking at the code.
I tested this manually and it doesn't actually seem to be an issue. I created two node types, "page" and "test", both with a reference field to "page" nodes. I created 1 "page" node and 1 "test" node that references the page node. Then I created a role that only has access to view and delete "page" nodes, but not "test" nodes. When I log in as a user with that role, and I attempt to delete the "page" node, I see that I am prevented from doing so by the other node (which I do not have access to).
Nevertheless, I think it would be more correct to use
accessCheck(FALSE)
. Even if it doesn't have an effect in the current implementation, it may in the future, or in other use-cases of this module's API. - Merge request !13Do not install system sequences schema in kernel tests. β (Merged) created by m.stenta
-
m.stenta β
committed e0747fb8 on 2.x
Issue #3509508: Disable access checking in...
-
m.stenta β
committed e0747fb8 on 2.x
Automatically closed - issue fixed for 2 weeks with no activity.