Commit b7d593bb authored by catch's avatar catch

Issue #2878483 by dawehner, Berdir, kalpaitch: loadEntityByUuid() should skip access checks

parent ea67660b
......@@ -499,6 +499,7 @@ protected function buildPropertyQuery(QueryInterface $entity_query, array $value
public function loadByProperties(array $values = []) {
// Build a query to fetch the entity IDs.
$entity_query = $this->getQuery();
$entity_query->accessCheck(FALSE);
$this->buildPropertyQuery($entity_query, $values);
$result = $entity_query->execute();
return $result ? $this->loadMultiple($result) : [];
......
......@@ -6,6 +6,7 @@
*/
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Database\Query\AlterableInterface;
use Drupal\Core\Entity\ContentEntityInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\FieldableEntityInterface;
......@@ -792,3 +793,17 @@ function entity_test_entity_test_create_access(AccountInterface $account, $conte
// No opinion.
return AccessResult::neutral();
}
/**
* Implements hook_query_entity_test_access_alter().
*/
function entity_test_query_entity_test_access_alter(AlterableInterface $query) {
if (!\Drupal::state()->get('entity_test_query_access')) {
return;
}
/** @var \Drupal\Core\Database\Query\Select|\Drupal\Core\Database\Query\AlterableInterface $query */
if (!\Drupal::currentUser()->hasPermission('view all entity_test_query_access entities')) {
$query->condition('entity_test_query_access.name', 'published entity');
}
}
......@@ -12,6 +12,8 @@ administer entity_test_with_bundle content:
description: 'administer entity_test_with_bundle content'
administer entity_test_bundle content:
title: 'administer entity_test_bundle content'
view all entity_test_query_access entities:
title: 'view all entity_test_query_access entities'
permission_callbacks:
- \Drupal\entity_test\EntityTestPermissions::entityTestBundlePermissions
<?php
namespace Drupal\KernelTests\Core\Entity;
use Drupal\entity_test\Entity\EntityTest;
use Drupal\KernelTests\KernelTestBase;
/**
* Tests loading entities by UUID.
*
* @group entity
*/
class EntityLoadByUuidTest extends KernelTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = ['entity_test', 'user'];
/**
* {@inheritdoc}
*/
protected function setUp() {
parent::setUp();
$this->installEntitySchema('user');
$this->installEntitySchema('entity_test');
}
/**
* Ensures that ::loadEntityByUuid() doesn't apply access checking.
*/
public function testLoadEntityByUuidAccessChecking() {
\Drupal::state()->set('entity_test_query_access', TRUE);
// Create two test entities.
$entity_0 = EntityTest::create([
'type' => 'entity_test',
'name' => 'published entity'
]);
$entity_0->save();
$entity_1 = EntityTest::create([
'type' => 'entity_test',
'name' => 'unpublished entity'
]);
$entity_1->save();
/** @var \Drupal\Core\Entity\EntityRepositoryInterface $repository */
$repository = \Drupal::service('entity.repository');
$this->assertEquals($entity_0->id(), $repository->loadEntityByUuid('entity_test', $entity_0->uuid())->id());
$this->assertEquals($entity_1->id(), $repository->loadEntityByUuid('entity_test', $entity_1->uuid())->id());
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment