A recent security fix introduced a regression that affects facets for custom entities. The access check was updated, but it now causes facets to be hidden from anonymous users.
This happens because the new check uses a generic 'view' operation instead of the more specific 'view label' operation, which is the correct permission for this context. Entities that have a custom viewLabelOperation property are affected, as the permission check fails even when users have the necessary access to view the entity label.
The solution is to change the access check to use the more specific 'view label' operation, which is the correct permission for this context.
Change the line:
$access_result = $access->access($entity, 'view', return_as_object: TRUE);
to:
$access_result = $access->access($entity, 'view label', return_as_object: TRUE);
This adjustment will ensure that the access check correctly validates against the appropriate permission, allowing facets for custom entities with viewLabelOperation to be visible to users who have the correct permissions.
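Why the change is narrow, as an added example that is not code from the module or from Drupal core: it models the rule in core's entity access control handler that 'view label' is treated as 'view' unless the handler sets viewLabelOperation. The class name ModelAccessHandler, the permission strings, and the choice to always allow the label for opted-in handlers are assumptions made for illustration.

```php
<?php
// Simplified stand-in for an entity access control handler. Only the
// 'view label' fallback is modelled; all names here are constructed.
class ModelAccessHandler {

  public function __construct(
    private bool $viewLabelOperation,
    private string $viewPermission,
  ) {}

  public function access(string $operation, array $permissions): bool {
    // Handlers that do not opt in treat 'view label' exactly like 'view',
    // so the stricter check from the security fix still applies to them.
    if ($operation === 'view label' && !$this->viewLabelOperation) {
      $operation = 'view';
    }
    return match ($operation) {
      // Assumption: an opted-in handler exposes the label to everyone.
      'view label' => TRUE,
      'view' => in_array($this->viewPermission, $permissions, TRUE),
      default => FALSE,
    };
  }

}

// Constructed permission set for an anonymous visitor.
$anonymous = ['access content'];

$handlers = [
  'custom entity (viewLabelOperation = TRUE)' => new ModelAccessHandler(TRUE, 'view custom entity'),
  'plain entity (viewLabelOperation = FALSE)' => new ModelAccessHandler(FALSE, 'view plain entity'),
];

// Compare the operation used by the regression with the proposed one.
foreach ($handlers as $name => $handler) {
  foreach (['view', 'view label'] as $operation) {
    $result = $handler->access($operation, $anonymous) ? 'allowed' : 'denied';
    printf("%-44s %-11s => %s\n", $name, $operation, $result);
  }
}
```

Only the opted-in handler changes outcome between the two operations; the plain handler is denied in both cases.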
Active
2.0
Code
It restores functionality that was present in earlier versions.