Skip to content
Snippets Groups Projects
Commit 96aa5ca5 authored by catch's avatar catch
Browse files

Issue #3202125 by jonathanshaw, Berdir, catch, longwave: EntityQuery... 

Issue #3202125 by jonathanshaw, Berdir, catch, longwave: EntityQuery accessCheck: unique value validation should not be access sensitive
parent 4b08fbad
No related branches found
No related tags found
6 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!1012Issue #3226887: Hreflang on non-canonical content pages,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10,!596Issue #3046532: deleting an entity reference field, used in a contextual view, makes the whole site unrecoverable,!496Issue #2463967: Use .user.ini file for PHP settings,!16Draft: Resolve #2081585 "History storage"
Hide whitespace changes
Inline Side-by-side
core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/UniqueFieldValueValidator.php
+ 3
0
View file @ 96aa5ca5
...@@ -25,6 +25,9 @@ public function validate($items, Constraint $constraint) { ...@@ -25,6 +25,9 @@ public function validate($items, Constraint $constraint) {
$query = \Drupal::entityQuery($entity_type_id); $query = \Drupal::entityQuery($entity_type_id);
// @todo Don't check access. http://www.drupal.org/node/3171047
$query->accessCheck(TRUE);
$entity_id = $entity->id(); $entity_id = $entity->id();
// Using isset() instead of !empty() as 0 and '0' are valid ID values for // Using isset() instead of !empty() as 0 and '0' are valid ID values for
// entity types using string IDs. // entity types using string IDs.
......
core/modules/migrate/src/Plugin/migrate/process/MakeUniqueEntityField.php
+ 1
0
View file @ 96aa5ca5
...@@ -128,6 +128,7 @@ protected function exists($value) { ...@@ -128,6 +128,7 @@ protected function exists($value) {
->entityTypeManager ->entityTypeManager
->getStorage($this->configuration['entity_type']) ->getStorage($this->configuration['entity_type'])
->getQuery() ->getQuery()
->accessCheck(FALSE)
->condition($this->configuration['field'], $value); ->condition($this->configuration['field'], $value);
if (!empty($this->configuration['migrated'])) { if (!empty($this->configuration['migrated'])) {
// Check if each entity is in the ID map. // Check if each entity is in the ID map.
......
core/modules/migrate/tests/src/Unit/process/MakeUniqueEntityFieldTest.php
+ 4
0
View file @ 96aa5ca5
...@@ -43,6 +43,9 @@ protected function setUp(): void { ...@@ -43,6 +43,9 @@ protected function setUp(): void {
$this->entityQuery = $this->getMockBuilder('Drupal\Core\Entity\Query\QueryInterface') $this->entityQuery = $this->getMockBuilder('Drupal\Core\Entity\Query\QueryInterface')
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$this->entityQuery->expects($this->any())
->method('accessCheck')
->will($this->returnSelf());
$this->entityTypeManager = $this->createMock(EntityTypeManagerInterface::class); $this->entityTypeManager = $this->createMock(EntityTypeManagerInterface::class);
$storage = $this->createMock(EntityStorageInterface::class); $storage = $this->createMock(EntityStorageInterface::class);
...@@ -189,6 +192,7 @@ public function testMakeUniqueEntityFieldMigrated() { ...@@ -189,6 +192,7 @@ public function testMakeUniqueEntityFieldMigrated() {
foreach (['forums', 'test_vocab', 'test_vocab1'] as $id) { foreach (['forums', 'test_vocab', 'test_vocab1'] as $id) {
$query = $this->prophesize(QueryInterface::class); $query = $this->prophesize(QueryInterface::class);
$query->willBeConstructedWith([]); $query->willBeConstructedWith([]);
$query->accessCheck()->willReturn($query);
$query->execute()->willReturn($id === 'test_vocab1' ? [] : [$id]); $query->execute()->willReturn($id === 'test_vocab1' ? [] : [$id]);
$map[] = ['test_field', $id, NULL, NULL, $query->reveal()]; $map[] = ['test_field', $id, NULL, NULL, $query->reveal()];
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment