Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there a way to standardize the various *_access wrapper functions for core entities? #5517

Open
indigoxela opened this issue Feb 20, 2022 · 2 comments
Open

Is there a way to standardize the various *_access wrapper functions for core entities? #5517

indigoxela opened this issue Feb 20, 2022 · 2 comments
Labels
type - question

Comments

@indigoxela
Copy link
Member

indigoxela commented Feb 20, 2022
edited
Loading

What we currently have:

comment/comment.module:1479:function comment_access($op, Comment $comment = NULL) {

file/file.module:2797:function file_access($op, $file = NULL, $account = NULL) {

node/node.module:2667:function node_access($op, $node, $account = NULL) {

taxonomy/taxonomy.module:560:function taxonomy_term_access($op, $term) {

(Function user_access does something different and rightly has different params.)

Not two of those specific entity access functions use the same parameter handling. I'm aware that all this code has grown over time, but wasn't there a base concept initially? If so - what did it look like? And most of all - would it be possible to standardize?

Here some more specific questions re parameters:

  • How many params should they have?
  • Which ones should be optional - if any?
  • How to deal with the optional params (which checks to run - only admin access or all that might apply)?

This inconsistency has caused some trouble when trying to consolidate file access functions, but also causes other problems.
A small collection:

I'm aware that standardizing might be a 2.x task, but at least we could establish a policy regarding entity access functions. Without more consistency function entity_access won't ever be able to do something useful without a lot of exemptions and workarounds.
@indigoxela
Copy link
Member Author

An alternative would be to create new methods in all core entity classes to check access without an entity given (globalAccess() or accessAllBundles()...).

This has been discussed in #5474 to provide a way for entity_access to do checks independently from an existing entity. If a user has permission to bypass access control, or to do the operation on any type/bundle, anyway, an entity isn't necessary. That would work better than creating dummy entities - which requires special handling for some entity types.

If the classes provide that instance-agnostic check, we could safely ignore the various differences in the XXX_access() function params and use the methods instead.

@alanmels
Copy link

alanmels commented Dec 8, 2022

This case might be also relevant: #5882

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type - question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@indigoxela @alanmels