[BUG] Gate open and remove actions in relation tables on element permissions#1872
[BUG] Gate open and remove actions in relation tables on element permissions#1872Jonathon-Meney-Torq wants to merge 1 commit into
Conversation
Not up to standards ⛔
|
ce33908 to
27f2f13
Compare
|
martineiber
left a comment
There was a problem hiding this comment.
Can you check the sonar Report for our code style.
| * @internal | ||
| */ | ||
| final readonly class ElementDataService implements ElementDataServiceInterface | ||
| readonly class ElementDataService implements ElementDataServiceInterface |
There was a problem hiding this comment.
Why removing the final?
| $query = $this->queryFactory->create($type); | ||
| /** @var AssetQueryInterface|DataObjectQueryInterface|DocumentQueryInterface $query */ | ||
| $query = $this->filterService->applyFilters($query, $filter, $type); | ||
| } else { |
There was a problem hiding this comment.
Can you also fix this Codacy Review. We try to avoid else statements.
| $query = $this->queryFactory->create($type); | ||
| /** @var AssetQueryInterface|DataObjectQueryInterface|DocumentQueryInterface $query */ | ||
| $query = $this->filterService->applyFilters($query, $filter, $type); |
There was a problem hiding this comment.
What is the benefit? $this->getSearchQuery($type, $gridParameter, $user);should already apply all given filters. Having here a dependency to the system.ids here seams for me the wrong place.




Summary
hasAccessandcanEditboolean flags toRelatedElementDataschemaElementDataService::getRelatedElementData()computes per-element access using classic adminAbstractElement::isAllowed()—hasAccessfromviewpermission on the related element,canEditfromsaveorpublishpermission on the parent objectRelationNormalizationContextservice to pass the parentConcreteobject intoElementDataServiceduring normalization without changing interface signaturesDataService::getDetailObjectData()sets and clears the context via try/finallyGridSearch::searchElementsForUser()skips workspace path and user restrictions when the request is asystem.idsfilter query, so custom field columns load for relation items regardless of workspace accessElementProviderTrait::getElementType()visibility changed fromprivatetoprotectedto allow subclassing