ECA Access with JSONAPI - "The controller result claims to be providing relevant cache metadata, but leaked metadata was detected. Please ensure you are not rendering content too early. Returned object class: Drupal\\jsonapi\\CacheableResourceResponse." (#3369325) · Issues · project / eca

ECA Access with JSONAPI - "The controller result claims to be providing relevant cache metadata, but leaked metadata was detected. Please ensure you are not rendering content too early. Returned object class: Drupal\\jsonapi\\CacheableResourceResponse."

>>> [!note] Migrated issue   Reported by: [freelock](https://www.drupal.org/user/313537) Related to !373 !376 >>> <h3 id="summary-problem-motivation">Problem/Motivation</h3> <p>Trying to use ECA Access to limit access to nodes related using an entity reference, I'm getting this error in JSONAPI requests.</p> <p>There are two branches in my model -- one for privileged users that goes straight to Access->Allowed(), the other that checks for an entity reference on the user linked to the node. The first works fine -- the second, which checks values, appears to work in the UI and normal Drupal rendered pages, but not through JSONAPI -- all JSONAPI requests for these users returns a 500 error, </p> <p> "The controller result claims to be providing relevant cache metadata, but leaked metadata was detected. Please ensure you are not rendering content too early. Returned object class: Drupal\\jsonapi\\CacheableResourceResponse."</p> <h4 id="summary-steps-reproduce">Steps to reproduce</h4> <p>I've set up a model that uses "Determine entity access" for node -> view operation as a trigger.</p> <p>The user account has an entity reference to the node. The "view published content" permission is off for authenticated users, but on for users with a particular role ("licensed client") and other roles.</p> <p>After checking for the licensed client role, the model uses [user:field_project:0:entity] to load a node on the current user's account into [client_project]. It then checks for the content type (there are multiple types that have different relationships to the main project node) and compares [client_project:nid] to [entity:nid].</p> <p>If it matches, it ends with AccessResult::allowed(). If it doesn't match, it ends with AccessResult::forbidden().</p> <p>I think the model is working correctly, but when used with JSONAPI there's something related to caching that breaks it all.</p> <p>I'm hoping this is something somebody has hit before and has a quick solution...</p>

issue