1

I'm trying to define an access control handler for a custom entity, and as far as I can tell it's never being called.

Here's my entity header:

  /**
   * Defines the Target entity.
   *
   * @ContentEntityType(
   *   id = "target",
   *   label = @Translation("Target"),
   *   label_collection = @Translation("Targets"),
   *   label_singular = @Translation("Target"),
   *   label_plural = @Translation("Targets"),
   *   label_count = @PluralTranslation(
   *     singular = "@count Target",
   *     plural = "@count Targets",
   *   ),
   *   handlers = {
~_ *     "access" = "Drupal\nm_base\TargetAccessControlHandler",
   *   },
   *   base_table = "nm_target",
   *   admin_permission = "access submissions",
   *   entity_keys = {
   *     "id" = "uuid",
   *   }
   * )
   */
  class Target extends ContentEntityBase {

And here's my access controller:

<?php

namespace Drupal\nm_base;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityHandlerInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;

/**
 * Defines an access controller for the target entity.
 *
 * @see \Drupal\nm_base\Entity\Target.
 */
class TargetAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    devel_debug('check_access');
    return AccessResult::allowedIf(false);
  }
}

Executing an entity query as a non-admin user never triggers that devel_debug. What am I missing?

Improve this question
5
  • 2
    Entity queries are SQL and trigger mymodule_query_myentity_access_alter(AlterableInterface $query) Commented Jan 17, 2024 at 14:10
  • Huh, so using accessCheck(false) simply stops that hook being called? Is there an OO equivalent to the hook? Commented Jan 17, 2024 at 14:14
  • Also if I execute an entity query and then use loadMultiple() to load the entities from the result, shouldn't that trigger the access handler? Commented Jan 17, 2024 at 14:21
  • have you tried disable/enable the module, i remember some issue when changing annotaion declaration are not recognized? Commented Jan 30, 2024 at 12:41
  • Clearing cache should be enough to reprocess the annotations. Commented Feb 6, 2024 at 7:58

2 Answers 2

Reset to default
0

I think that the entity query access is handled by some other access handler. The best way for you to check and investigate further is to check which query access handler is the entity using. Like this:

$entityType = \Drupal::entityTypeManager()->getDefinition('entity_type_id');
dsm($entityType->getHandlerClasses());
Improve this answer
0

access control handlers expect an entity to work on but entity query does not load the entities and so it can not fire access control handlers. Further, it is not desirable to do so, the module providing access control should have code which filters in database otherwise pagination won't work. (Or it would be really slow as it grabs one page worth of items then access control throws away a few then it grabs more etc.)

See: hook_entity_query_alter, hook_entity_query_ENTITY_TYPE_alter, hook_entity_query_tag__TAG_alter, hook_entity_query_tag__ENTITY_TYPE__TAG_alter

Source: I added db_rewrite_sql to core 20 years ago, I lead writing entity field query 15 years ago and entity query 12+ years ago. If you want to blame anyone for this behavior I guess that'd be me.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.