Skip to content
Snippets Groups Projects
Commit 598f9a35 authored by alurizar's avatar alurizar Committed by Gabriel Carleton-Barnes
Browse files

Issue #3402288 by alurizar: Entity queries must explicitly set whether the...

Issue #3402288 by alurizar:  Entity queries must explicitly set whether the query should be access checked or not
parent 6f34eb25
No related branches found
No related tags found
No related merge requests found
......@@ -71,7 +71,7 @@ class ChangeConnectionRole extends ViewsBulkOperationsActionBase implements Cont
* {@inheritdoc}
*/
public function buildConfigurationForm(array $form, FormStateInterface $form_state) {
$rids = \Drupal::entityQuery('redhen_connection_role')->execute();
$rids = \Drupal::entityQuery('redhen_connection_role')->accessCheck(TRUE)->execute();
$role_objects = ConnectionRole::loadMultiple($rids);
$roles = [];
foreach ($role_objects as $rid => $role_object) {
......
......@@ -71,7 +71,7 @@ class RouteSubscriber extends RouteSubscriberBase {
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents() {
public static function getSubscribedEvents() : array {
$events = parent::getSubscribedEvents();
$events[RoutingEvents::ALTER] = ['onAlterRoutes', 100];
return $events;
......
......@@ -263,6 +263,7 @@ class Contact extends ContentEntityBase implements ContactInterface {
// Find Contacts linked to the current Drupal User.
$query = \Drupal::entityQuery('redhen_contact');
$query->accessCheck(TRUE);
$query->condition('uid', $account->id(), '=');
$query->condition('status', $status);
$results = $query->execute();
......@@ -294,6 +295,7 @@ class Contact extends ContentEntityBase implements ContactInterface {
// If we don't have a cached Contact, try to find one with the given email.
if (!$contacts) {
$query = \Drupal::entityQuery('redhen_contact');
$query->accessCheck(TRUE);
$query->condition('email', $email, '=');
$query->condition('status', $status);
$results = $query->execute();
......
......@@ -26,6 +26,7 @@ class ContactEmailUniqueValidator extends ConstraintValidator {
$id = $this->context->getValue()->getParent()->getValue()->id->value === NULL ? 0 : $this->context->getValue()->getParent()->getValue()->id->value;
// Query to find out if email is taken.
$email_taken = (bool) \Drupal::entityQuery('redhen_contact')
->accessCheck(TRUE)
->condition('email', $email)
// Exclude current contact from query because it will have the email.
->condition('id', $id, '!=')
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment