Description of the bug (not sure if this can be considered a bug).
entity_access()
currently ignores checking for access to operations view, update and delete if no entity is provided.
There are situations when one may invoke, for example, entity_access('view', 'node');
to check if a user can view any content (Rules does this). So, instead of ignoring (and returning null), the function should actually check for that access. The issue is that, since there is no entity, we have not way to invoke $node->access()
.
In D7, Entity API included a access callback
key/value pair in hook_entity_info()
which allowed someone to specify the access callback, which could be invoked without the need of having an actual entity object handy. That would solve this situation.
AFAIK, because of this, Backdrop currently has not abstracted way to check access to entities when there is no entity available, other than directly checking the permission doing user_access()
. This creates problems for modules that deal with many types of entities in abstract ways, like Entity Reference and Rules.
I'm really at a loss on how to solve this issue - or even if it's necessary to solve it. I guess one way to deal with this is by modifying projects like Rules to granularly check for user permissions.
Any feedback or thoughts will be appreciated. I'm trying to get Rules to deal in a sensible way with access checks.
Recent comments
Hi patch-works I did something similar with Drupal 7: a block with aniversaries of historical dates. You can see it at https://lassalle-kreis.de/ down in the blue footer, the middle column...
How to get a list of upcoming birthdays?
@indigoxela - I agree, I mentioned the SVG topic specifically for the dev meeting. I think we'll definitely want Nate involved in that discussion. Good call!
Apr 18th Weekly Meetings
Hi colbyat, re display in the browser: the problem is that when a 500 occurs, this PHP process died before being able to render anything. So that won't work. Logging is possible, but...
Displaying 500 errors