User can't reference unpublished content even when they have access to it
1 open thread
- Refactor the implementation by adding new option
- Refactoring based on new option
- Revert old test case changes as they were incorrectly removed.
- Add an update hook for setting up default values.
- Add test cases for the update hook.
Closes #2845144
Merge request reports
Activity
added 572 commits
-
8a631b18...336ba833 - 571 commits from branch
project:11.x - 9846daa8 - Merge branch '11.x' into 2845144-user-cant-reference-unpublished-content
-
8a631b18...336ba833 - 571 commits from branch
34 if (!$this->currentUser->hasPermission('bypass node access') && 35 !$this->moduleHandler->hasImplementations('node_grants')) { 36 $query->condition('status', NodeInterface::PUBLISHED); 37 return $query; 38 } 39 } 40 41 // Permission to "view own unpublished content" allows 42 // the user to reference any published content or own unpublished content. 43 // Permission to "view any unpublished content" allows 44 // the user to reference any unpublished content. 45 if ($this->currentUser->hasPermission('view own unpublished content') && !$this->currentUser->hasPermission('view any unpublished content')) { 46 $or = $query->orConditionGroup() 47 ->condition('status', NodeInterface::PUBLISHED) 48 ->condition('uid', $this->currentUser->id()) 49 ->condition('uid', 0); -
This condition
->condition('uid', 0);doesn't make sense to me. This was suggested to be added in comment #70 without any reasoning and comment #90 shares my confusion. This would allow users with "view own unpublished content" to view unpublished content owned by the anonymous user. That's not right. This should be removed.Edited by Brian Osborne
Please register or sign in to reply