Browse Source

added access check to entity queries that were missing the check

d10-dev
Paul Pound 1 year ago
parent
commit
32291d759c
  1. 9
      src/Plugin/Field/FieldType/ReserveCategory.php
  2. 5
      src/Plugin/Field/FieldWidget/ReserveCategorySelect.php

9
src/Plugin/Field/FieldType/ReserveCategory.php

@ -1,5 +1,5 @@
<?php <?php
namespace Drupal\reserve\Plugin\Field\FieldType; namespace Drupal\reserve\Plugin\Field\FieldType;
use Drupal\Core\Field\FieldItemBase; use Drupal\Core\Field\FieldItemBase;
@ -21,7 +21,7 @@ use Drupal\Core\TypedData\DataDefinition;
* category = @Translation("Reference"), * category = @Translation("Reference"),
* cardinality = 1, * cardinality = 1,
* ) * )
* *
*/ */
class ReserveCategory extends FieldItemBase implements FieldItemInterface { class ReserveCategory extends FieldItemBase implements FieldItemInterface {
/** /**
@ -64,7 +64,8 @@ class ReserveCategory extends FieldItemBase implements FieldItemInterface {
*/ */
public function fieldSettingsForm(array $form, FormStateInterface $form_state) { public function fieldSettingsForm(array $form, FormStateInterface $form_state) {
// get a list of all Reserve Categories // get a list of all Reserve Categories
$ids = \Drupal::entityQuery('reserve_category')->sort('name', 'ASC')->execute(); $ids = \Drupal::entityQuery('reserve_category')->accessCheck(TRUE)
->sort('name', 'ASC')->execute();
$categories = \Drupal\reserve\Entity\ReserveCategory::loadMultiple($ids); $categories = \Drupal\reserve\Entity\ReserveCategory::loadMultiple($ids);
$options = array(); $options = array();
foreach ($categories as $cat) { foreach ($categories as $cat) {
@ -113,4 +114,4 @@ class ReserveCategory extends FieldItemBase implements FieldItemInterface {
] + parent::defaultFieldSettings(); ] + parent::defaultFieldSettings();
} }
} }

5
src/Plugin/Field/FieldWidget/ReserveCategorySelect.php

@ -30,7 +30,8 @@ class ReserveCategorySelect extends WidgetBase {
// get a list of all Reserve Categories for this bundle // get a list of all Reserve Categories for this bundle
$set = $items->getSettings()['categories']; $set = $items->getSettings()['categories'];
$ids = \Drupal::entityQuery('reserve_category')->sort('name', 'ASC')->execute(); $ids = \Drupal::entityQuery('reserve_category')->accessCheck(TRUE)
->sort('name', 'ASC')->execute();
$categories = ReserveCategory::loadMultiple($ids); $categories = ReserveCategory::loadMultiple($ids);
$options = array(); $options = array();
foreach ($categories as $key => $cat) { foreach ($categories as $key => $cat) {
@ -47,4 +48,4 @@ class ReserveCategorySelect extends WidgetBase {
return array('cid' => $element); return array('cid' => $element);
} }
} }

Loading…
Cancel
Save