Commit 11f7951d authored by moshe weitzman's avatar moshe weitzman
Browse files

Enforce access control when querying for a single entity

parent c5aaf7c9
......@@ -164,7 +164,7 @@ class EntitySchemaProvider extends SchemaProviderBase {
public static function getEntitySingle($source, array $args = NULL, $root, Node $field, $a, $b, $c, $data) {
// @todo Fix injection of container dependencies in resolver functions.
$storage = \Drupal::entityManager()->getStorage($data['type']);
if ($entity = $storage->load($args['id'])) {
if ($entity = $storage->load($args['id']) && $entity->access('view')) {
return $entity->getTypedData();
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment