Contrib.social

Entity Reference recipient type sends emails to blocked users.

Open on Drupal.org β†’
Created on 3 June 2025, about 2 months ago

Problem/Motivation

Blocked (status = 0) users are currently not filtered out when using the "Entity Reference: User" recipient type in Workbench Email.
As a result, these users still receive workflow notification emails, which contradicts the expected behavior.

Proposed resolution

Filter out blocked users.
Added status check to `getEmailFromFieldItem()` in `EntityReferenceUser.php` to skip blocked users from receiving workflow emails.

Remaining tasks

User interface changes

API changes

Data model changes

πŸ› Bug report
Status

Active

Version

3.0

Component

Code

Created by

πŸ‡―πŸ‡΅Japan nakaza sora

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @nakaza sora
  • Merge request !31Issue #3528057: Skip blocked users in EntityReferenceUser recipient type β†’ (Open) created by Unnamed author
  • Pipeline finished with Success
    about 2 months ago
    Total: 151s
    #512992
  • Comment about 2 months ago β†’
    πŸ‡―πŸ‡΅Japan nakaza sora

    I've created a Merge Request for this issue.
    The same change is also available as an attached patch file.

  • Comment about 2 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia larowlan πŸ‡¦πŸ‡ΊπŸ.au GMT+10

    Thanks for working on this!

    The change looks good to me.

    Can we expand test coverage in \Drupal\Tests\workbench_email\Kernel\RecipientTypePluginsTest::testDelivery

    It would entail:

    * Changing line 84 to set a cardinality of 2

    - $this->createEntityReferenceField('node', 'test', 'field_approver', 'Approver', 'user');
+ $this->createEntityReferenceField('node', 'test', 'field_approver', 'Approver', 'user', cardinality: 2);

    And then this diff later

    diff --git a/tests/src/Kernel/RecipientTypePluginsTest.php b/tests/src/Kernel/RecipientTypePluginsTest.php
index 419800d..968eb0e 100644
--- a/tests/src/Kernel/RecipientTypePluginsTest.php
+++ b/tests/src/Kernel/RecipientTypePluginsTest.php
@@ -208,12 +208,16 @@ class RecipientTypePluginsTest extends KernelTestBase {
     $transition->save();
     $this->assertContains('workbench_email.workbench_email_template.test', $transition->calculateDependencies()->getDependencies()['config']);
 
+    $blocked_user = $this->createUser(values: ['status' => 0]);
     $node = Node::create([
       'title' => 'test',
       'uid' => $this->author->id(),
       'type' => 'test',
       'field_email' => 'random@example.com',
-      'field_approver' => $this->approver->id(),
+      'field_approver' => [
+        ['target_id' => $this->approver->id()],
+        ['target_id' => $blocked_user->id()],
+      ],
       'revision_uid' => $this->lastAuthor->id(),
       'moderation_state' => 'draft',
     ]);

    So two users in the field, but only one email in the test case.

    Thanks

  • Pipeline finished with Success
    about 2 months ago
    Total: 170s
    #513911
  • Comment about 2 months ago β†’
    πŸ‡―πŸ‡΅Japan nakaza sora

    @larowlan

    Thank you!

    I've expanded the test coverage.

    Please have a look when you have a moment.

  • Comment about 2 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia mstrelan
  • Comment about 2 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia larowlan πŸ‡¦πŸ‡ΊπŸ.au GMT+10

    @mstrelan pointed out that this is technically a security issue.
    I discussed it with the security team and they said it would be best to move this to a private discussion first.

    I'll do that and add you @nakaza sora

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024