Commit 3f057d61 authored by catch's avatar catch
Browse files

Issue #3204419 by jonathanshaw, longwave: EntityQuery accessCheck: always...

Issue #3204419 by jonathanshaw, longwave: EntityQuery accessCheck: always specifiy accessCheck, don't rely on the default
parent 96aa5ca5
......@@ -95,6 +95,7 @@ public function load() {
*/
protected function getEntityIds() {
$query = $this->getStorage()->getQuery()
->accessCheck(TRUE)
->sort($this->entityType->getKey('id'));
// Only add the pager if a limit is specified.
......
......@@ -460,6 +460,7 @@ protected function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS')
}
// Add entity-access tag.
$query->accessCheck(TRUE);
$query->addTag($target_type . '_access');
// Add the Selection handler for system_query_entity_reference_alter().
......
......@@ -73,6 +73,7 @@ public static function processDefaultValue($default_value, FieldableEntityInterf
if ($uuids) {
$target_type = $definition->getSetting('target_type');
$entity_ids = \Drupal::entityQuery($target_type)
->accessCheck(TRUE)
->condition('uuid', $uuids, 'IN')
->execute();
$entities = \Drupal::entityTypeManager()
......
......@@ -136,6 +136,7 @@ public function checkNodeAccess(array $tree) {
$nids = array_keys($node_links);
$query = $this->entityTypeManager->getStorage('node')->getQuery();
$query->accessCheck(TRUE);
$query->condition('nid', $nids, 'IN');
// Allows admins to view all nodes, by both disabling node_access
......
......@@ -129,6 +129,7 @@ public function build() {
// Load the selected feed.
if ($feed = $this->feedStorage->load($this->configuration['feed'])) {
$result = $this->itemStorage->getQuery()
->accessCheck(TRUE)
->condition('fid', $feed->id())
->range(0, $this->configuration['block_count'])
->sort('timestamp', 'DESC')
......
......@@ -220,6 +220,7 @@ public function getCountNewComments(EntityInterface $entity, $field_name = NULL,
// Use the timestamp to retrieve the number of new comments.
$query = $this->entityTypeManager->getStorage('comment')->getQuery()
->accessCheck(TRUE)
->condition('entity_type', $entity->getEntityTypeId())
->condition('entity_id', $entity->id())
->condition('created', $timestamp, '>')
......
......@@ -161,6 +161,7 @@ public function buildForm(array $form, FormStateInterface $form_state, $type = '
'operations' => $this->t('Operations'),
];
$cids = $this->commentStorage->getQuery()
->accessCheck(TRUE)
->condition('status', $status)
->tableSort($header)
->pager(50)
......
......@@ -149,6 +149,7 @@ public function buildRow(EntityInterface $entity) {
*/
protected function getEntityIds() {
$query = $this->getStorage()->getQuery()
->accessCheck(TRUE)
->sort('changed', 'DESC');
// Only add the pager if a limit is specified.
......
......@@ -300,6 +300,7 @@ public function addPageTitle(NodeTypeInterface $node_type) {
*/
protected function getRevisionIds(NodeInterface $node, NodeStorageInterface $node_storage) {
$result = $node_storage->getQuery()
->accessCheck(TRUE)
->allRevisions()
->condition($node->getEntityType()->getKey('id'), $node->id())
->sort($node->getEntityType()->getKey('revision'), 'DESC')
......
......@@ -93,7 +93,7 @@ public static function createInstance(ContainerInterface $container, EntityTypeI
* {@inheritdoc}
*/
protected function getEntityIds() {
$query = $this->getStorage()->getQuery();
$query = $this->getStorage()->getQuery()->accessCheck(TRUE);
$search = $this->currentRequest->query->get('search');
if ($search) {
......
......@@ -209,6 +209,7 @@ protected function valueForm(&$form, FormStateInterface $form_state) {
else {
$options = [];
$query = \Drupal::entityQuery('taxonomy_term')
->accessCheck(TRUE)
// @todo Sorting on vocabulary properties -
// https://www.drupal.org/node/1821274.
->sort('weight')
......
......@@ -178,6 +178,7 @@ function taxonomy_tokens($type, $tokens, array $data, array $options, Bubbleable
case 'term-count':
$replacements[$original] = \Drupal::entityQuery('taxonomy_term')
->accessCheck(TRUE)
->condition('vid', $vocabulary->id())
->addTag('vocabulary_term_count')
->count()
......
......@@ -67,6 +67,7 @@ public static function createInstance(ContainerInterface $container, EntityTypeI
*/
public function load() {
$entity_query = $this->storage->getQuery();
$entity_query->accessCheck(TRUE);
$entity_query->condition('uid', 0, '<>');
$entity_query->pager(50);
$header = $this->buildHeader();
......
......@@ -292,9 +292,12 @@ public function testCheckNodeAccess() {
$query = $this->createMock('Drupal\Core\Entity\Query\QueryInterface');
$query->expects($this->at(0))
->method('accessCheck')
->with(TRUE);
$query->expects($this->at(1))
->method('condition')
->with('nid', [1, 2, 3, 4]);
$query->expects($this->at(1))
$query->expects($this->at(2))
->method('condition')
->with('status', NodeInterface::PUBLISHED);
$query->expects($this->once())
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment