Skip to content

Commit

Permalink
Support for entity query access check (#791)
Browse files Browse the repository at this point in the history
Fix api_product entity query access issue by adding support for entity query access check
  • Loading branch information
shishir-intelli authored Feb 1, 2023
1 parent 88a834a commit aba2259
Showing 1 changed file with 33 additions and 1 deletion.
34 changes: 33 additions & 1 deletion src/Entity/Query/Query.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

namespace Drupal\apigee_edge\Entity\Query;

use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
Expand Down Expand Up @@ -84,9 +85,40 @@ public function execute() {
// Basically, DeveloperAppQuery already applies a condition on the returned
// result because this function gets called.
$all_records = $this->getFromStorage();
$filter = $this->condition->compile($this);

// @todo Proper entity query support that is aligned with the implementation
// in \Drupal\Core\Entity\Query\Sql\Query::prepare() can be only added
// if the following Entity API module issue is solved.
// https://www.drupal.org/project/entity/issues/3332956
// (Having a fix for a similar Group module issue is a nice to have,
// https://www.drupal.org/project/group/issues/3332963.)
if ($this->accessCheck) {
// Read meta-data from query, if provided.
if (!$account = $this->getMetaData('account')) {
// @todo DI dependency.
$account = \Drupal::currentUser();
}
$cacheability = CacheableMetadata::createFromRenderArray([]);
$all_records = array_filter($all_records, static function (EntityInterface $entity) use ($cacheability, $account) {
// Bubble up cacheability information even from a revoked access result.
$result = $entity->access('view', $account, TRUE);
$cacheability->addCacheableDependency($result);
return $result->isAllowed();
});
// @todo DI dependencies.
/** @var \Symfony\Component\HttpFoundation\Request $request */
$request = \Drupal::requestStack()->getCurrentRequest();
$renderer = \Drupal::service('renderer');
if ($request->isMethodCacheable() && $renderer->hasRenderContext()) {
$build = [];
$cacheability->applyTo($build);
$renderer->render($build);
}
}

$filter = $this->condition->compile($this);
$result = array_filter($all_records, $filter);

if ($this->count) {
return count($result);
}
Expand Down

0 comments on commit aba2259

Please sign in to comment.