Commit b07f9644 authored by webchick's avatar webchick

Issue #1571104 by BTMash, Dave.Ingram, mradcliffe, Damien Tournoud, sun,...

Issue #1571104 by BTMash, Dave.Ingram, mradcliffe, Damien Tournoud, sun, lliss, lkiss80: Fixed Can't access non-node entities with EntityFieldQuery.
parent 717e003c
......@@ -27,7 +27,7 @@ public static function getInfo() {
}
function setUp() {
parent::setUp(array('field_test'));
parent::setUp(array('node', 'field_test', 'entity_query_access_test', 'node_access_test'));
field_test_create_bundle('bundle1');
field_test_create_bundle('bundle2');
......@@ -1528,6 +1528,26 @@ function testEntityFieldQueryTableSort() {
unset($_GET['order']);
}
/**
* Tests EntityFieldQuery access on non-node entities.
*/
function testEntityFieldQueryAccess() {
// Test as a user with ability to bypass node access.
$privileged_user = $this->drupalCreateUser(array('bypass node access', 'access content'));
$this->drupalLogin($privileged_user);
$this->drupalGet('entity-query-access/test/' . $this->fields[0]['field_name']);
$this->assertText('Found entity', 'Returned access response with entities.');
$this->drupalLogout();
// Test as a user that does not have ability to bypass node access or view
// all nodes.
$regular_user = $this->drupalCreateUser(array('access content'));
$this->drupalLogin($regular_user);
$this->drupalGet('entity-query-access/test/' . $this->fields[0]['field_name']);
$this->assertText('Found entity', 'Returned access response with entities.');
$this->drupalLogout();
}
/**
* Fetches the results of an EntityFieldQuery and compares.
*
......
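Review bot: testEntityFieldQueryAccess() asserts only the positive case, 'Found entity', for both the privileged and the regular user, so it would still pass if node access filtering were dropped from entity queries altogether. A companion assertion that the regular user does not receive field values attached to a node they cannot view would pin the other half of the behaviour; whether setUp() creates such data is not visible in these hunks. The two assertText() calls also share one message, which makes a failure hard to attribute; distinct messages such as `'Privileged user sees non-node entities.'` and `'Regular user sees non-node entities.'` would help.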
name = "Entity query access test"
description = "Support module for checking entity query results."
package = Testing
version = VERSION
core = 8.x
hidden = TRUE
<?php
/**
* @file
* Helper module for testing EntityFieldQuery access on any type of entity.
*/
use Drupal\entity\EntityFieldQuery;
use Drupal\entity\EntityFieldQueryException;
/**
* Implements hook_menu().
*/
function entity_query_access_test_menu() {
$items['entity-query-access/test/%'] = array(
'title' => "Retrieve a sample of entity query access data",
'page callback' => 'entity_query_access_test_sample_query',
'page arguments' => array(2),
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
return $items;
}
/**
* Returns the results from an example EntityFieldQuery.
*/
function entity_query_access_test_sample_query($field_name) {
global $user;
// Simulate user does not have access to view all nodes.
$access = &drupal_static('node_access_view_all_nodes');
$access[$user->uid] = FALSE;
$query = new EntityFieldQuery();
$query
->entityCondition('entity_type', 'test_entity_bundle_key')
->fieldCondition($field_name, 'value', 0, '>')
->entityOrderBy('entity_id', 'ASC');
$results = array(
'items' => array(),
'title' => t('EntityFieldQuery results'),
);
foreach ($query->execute() as $entity_type => $entity_ids) {
foreach ($entity_ids as $entity_id => $entity_stub) {
$results['items'][] = format_string('Found entity of type @entity_type with id @entity_id', array('@entity_type' => $entity_type, '@entity_id' => $entity_id));
}
}
if (count($results['items']) > 0) {
$output = theme('item_list', $results);
}
else {
$output = 'No results found with EntityFieldQuery.';
}
return $output;
}
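Review bot: entity_query_access_test_menu() registers the route with `'access callback' => TRUE`, and entity_query_access_test_sample_query() passes the raw path argument to fieldCondition() and overwrites the `node_access_view_all_nodes` static for the current user. That is reasonable for a hidden test module, but nothing in the code says so. A comment above the access callback would make the intent explicit, for example `// Intentionally open: test-only route, this module must never be enabled on a production site.` `EntityFieldQueryException` is imported but never used; if an unknown field name can make the query throw, catch it around `$query->execute()` so the page returns a controlled response, otherwise drop the `use` line.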
......@@ -3310,8 +3310,9 @@ function _node_query_node_access_alter($query, $type) {
// @endcode
//
// So instead of directly adding to the query object, we need to collect
// in a separate db_and() object and then at the end add it to the query.
$entity_conditions = db_and();
// all of the node access conditions in a separate db_and() object and
// then add it to the query at the end.
$node_conditions = db_and();
}
foreach ($tables as $nalias => $tableinfo) {
$table = $tableinfo['table'];
......@@ -3345,16 +3346,24 @@ function _node_query_node_access_alter($query, $type) {
$field = 'entity_id';
}
$subquery->where("$nalias.$field = na.nid");
$query->exists($subquery);
// For an entity query, attach the subquery to entity conditions.
if ($type == 'entity') {
$node_conditions->exists($subquery);
}
// Otherwise attach it to the node query itself.
else {
$query->exists($subquery);
}
}
}
if ($type == 'entity' && count($subquery->conditions())) {
// All the node access conditions are only for field values belonging to
// nodes.
$entity_conditions->condition("$base_alias.entity_type", 'node');
$node_conditions->condition("$base_alias.entity_type", 'node');
$or = db_or();
$or->condition($entity_conditions);
$or->condition($node_conditions);
// If the field value belongs to a non-node entity type then this function
// does not do anything with it.
$or->condition("$base_alias.entity_type", 'node', '<>');
......
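Review bot: For entity queries the node access subquery is now attached only to `$node_conditions`, so it reaches the query only if the later guard `if ($type == 'entity' && count($subquery->conditions()))` passes. That guard inspects `$subquery`, which appears to be whatever the last loop iteration left behind (its creation is outside the hunk), not the object that now carries the restrictions. If the guard ever evaluates false, the entity query would run without any node access condition. Testing the collected object instead, `if ($type == 'entity' && count($node_conditions))`, would tie the guard to what is actually attached, assuming the db_and() object is Countable as Drupal's condition class is. _node_query_node_access_alter() starts before and continues after the visible hunks, so where `$or` is added to the query could not be checked.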