-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue #3325955 by navneet0693: Profile pictures missing on landing page content type. #3237
Conversation
Thanks for contributing towards Open Social! A maintainer from the @goalgorilla/maintainers group might not review all changes from all teams/contributors. Please don't be discouraged if it takes a while. In the meantime, we have some automated checks running and it might be that you will see our comments with some tips or requests to speed up the review process. 😊 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can approve that with a fix provided the described issue has been resolved. However some other test scenarios (logged in as authenticated user that is not verified user still fails)
…ge content type. The user images were not being displayed on the when profile entity is somehow added to landing_page content type, for example, having a featured section in a landing page having profile entity display. Reason: https://github.com/goalgorilla/open_social/blob/main/modules/social_features/social_profile/social_profile.module#L727 called for access check on File entity. This called https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/modules/file/src/FileAccessControlHandler.php#L21 In the function mentioned above, the $entity_and_field_access = $referencing_entity->access('view', $account, TRUE)->andIf($referencing_entity->$field_name->access('view', $account, TRUE)); resulted in AccessResultAllowed This line checked for access on both File $referencing_entity->$field_name->access('view', $account, TRUE) and Profile $referencing_entity->access('view', $account, TRUE) Now, File access check returned false but Profile access check returned TRUE which shouldn’t be the access as our user is anonymous. On further digging, Profile entity access check was passed through https://git.drupalcode.org/project/drupal/-/blob/9.5.x/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php#L61 This called for invoking of alter hooks in $this->moduleHandler()->invokeAll('entity_access', [$entity, $operation, $account]) and $this->moduleHandler()->invokeAll($entity->getEntityTypeId() . '_access', [$entity, $operation, $account]) We have written social_profile_profile_access which was introduced in #2224 This checked for current node type and provided access for profiles to anonymous users. This made the statement mentioned in step 3 return “Allowed” instead of “Neutral” which then failed in the https://github.com/goalgorilla/open_social/blob/main/modules/social_features/social_profile/social_profile.module#L727 On landing_page, where this code mentioned in social_profile_profile_accessis called and due to which the reported behavior is seen. Solution: We added checks on basis of current user status and file system to avoid this conflict.
2c07b07
to
9f2cc0e
Compare
Cherry-picked to 11.5.x 11.6.x and 11.7.x |
Problem
The user images were not being displayed on the when profile entity is somehow added to landing_page content type, for example, having a featured section in a landing page having profile entity display.
Solution
$entity_and_field_access = $referencing_entity->access('view', $account, TRUE)->andIf($referencing_entity->$field_name->access('view', $account, TRUE));
resulted inAccessResultAllowed
$referencing_entity->$field_name->access('view', $account, TRUE)
and Profile$referencing_entity->access('view', $account, TRUE)
$this->moduleHandler()->invokeAll('entity_access', [$entity, $operation, $account])
and$this->moduleHandler()->invokeAll($entity->getEntityTypeId() . '_access', [$entity, $operation, $account])
social_profile_profile_access
which was introduced inIssue #3197235 by SV: Display featured profile section for anonymous users #2224
social_profile_profile_access
is called and due to which the reported behavior is seen.Issue tracker
https://www.drupal.org/project/social/issues/3325955
Theme issue tracker
N.A
How to test
social_private_filesocial_file_private modules enabled$settings['file_private_path']
in settings.phpDefinition of done
Before merge
After merge
Screenshots
N.A
Release notes
When the website was using private file, then the profile images appear to be broken on landing pages for Anonymous users, if a featured content or a stream view was added. We resolved the access problem for anonymous users and now the default profile picture will be displayed.
Change Record
N.A
Translations
N.A