Description of the bug (not sure if this can be considered a bug).
entity_access()
currently ignores checking for access to operations view, update and delete if no entity is provided.
There are situations when one may invoke, for example, entity_access('view', 'node');
to check if a user can view any content (Rules does this). So, instead of ignoring (and returning null), the function should actually check for that access. The issue is that, since there is no entity, we have not way to invoke $node->access()
.
In D7, Entity API included a access callback
key/value pair in hook_entity_info()
which allowed someone to specify the access callback, which could be invoked without the need of having an actual entity object handy. That would solve this situation.
AFAIK, because of this, Backdrop currently has not abstracted way to check access to entities when there is no entity available, other than directly checking the permission doing user_access()
. This creates problems for modules that deal with many types of entities in abstract ways, like Entity Reference and Rules.
I'm really at a loss on how to solve this issue - or even if it's necessary to solve it. I guess one way to deal with this is by modifying projects like Rules to granularly check for user permissions.
Any feedback or thoughts will be appreciated. I'm trying to get Rules to deal in a sensible way with access checks.
Recent comments
Also it has no maintainer. Anybody interested to maintain?
Flood Unblock analogue
Because it doesn't have a release yet?
Flood Unblock analogue
It's already been done, https://github.com/backdrop-contrib/flood_unblock how did we miss it?
Flood Unblock analogue