Very nice! #195 did a good Job for me and works!
@rcross but why in the view project? This is really related to core.
As patch #149 works for my use cases perfectly in D7 on mysql but cannot be applied to the latest 7.25 release, here is the patch rerolled if anybody else needs it.
I tested the patch at #149 and it also worked great for me. Thanks!
Sorry bad fault ;-) Here is the patch again. I hope it works now @freelock thanks for your help.
Does http://drupal.org/node/1349080#comment-7141442 not explain my thoughts or do you think these thought are not always right and open other issues?
Instead of checking for an empty join type we should probably check for an INNER join type, as then we want to handle it the strict way.
as @dawehner wrote works form me. And in my opinion this makes sence to check
if (empty($tableinfo['join type']) || $tableinfo['join type'] == 'INNER') {
cause in case of an inner join (when for axample a relationship is required) we need to have access check with
$query->exists($subquery);
To ensure that the user has access to the referenced nodes.
I added tha patch to this comment
Now I tried to backport the patch from #119 to D7. But there still seams to be a problem whit entities in a view in the fallowing use case. Before I create a test case, I want to make sure that the problem is related to this issue:
I have a "self made" entity that references a node just be putting the nodes nid into the entity tabel (no reference field). Then I added this relationship in hook_views_data.
In my view I show the "self made" entities and I added the relation to the referenced node, the relation is required.
I make sure that I dont have access to all referenced nodes. If I apply the patch, I see all the "self made" entities in the view. If I don't apply the patch, these entities that reference a node where I don't have access to, are not shown in the view (but of course then the initial issue occurs again). But as I understand, the query should check access to related nodes if "the relationship" is required.
It seams to me that 7.x patch http://drupal.org/node/1349080#comment-6384002 #89 has a security problem because when I show entities in a view that reference other entities and I check "require this relationship", i see the entities even if i don't have access to the referenced entities.
Patch at #89 worked for me!