diff --git a/core/modules/entity/lib/Drupal/entity/Tests/EntityFieldQueryTest.php b/core/modules/entity/lib/Drupal/entity/Tests/EntityFieldQueryTest.php
index 9b4a91ce27a384e73010a31c5943bdb2a6922857..81bc286d980e75c83692056d8b4db47f10813c13 100644
--- a/core/modules/entity/lib/Drupal/entity/Tests/EntityFieldQueryTest.php
+++ b/core/modules/entity/lib/Drupal/entity/Tests/EntityFieldQueryTest.php
@@ -27,7 +27,7 @@ public static function getInfo() {
}
function setUp() {
- parent::setUp(array('field_test'));
+ parent::setUp(array('node', 'field_test', 'entity_query_access_test', 'node_access_test'));
field_test_create_bundle('bundle1');
field_test_create_bundle('bundle2');
@@ -1528,6 +1528,26 @@ function testEntityFieldQueryTableSort() {
unset($_GET['order']);
}
+ /**
+ * Tests EntityFieldQuery access on non-node entities.
+ */
+ function testEntityFieldQueryAccess() {
+ // Test as a user with ability to bypass node access.
+ $privileged_user = $this->drupalCreateUser(array('bypass node access', 'access content'));
+ $this->drupalLogin($privileged_user);
+ $this->drupalGet('entity-query-access/test/' . $this->fields[0]['field_name']);
+ $this->assertText('Found entity', 'Returned access response with entities.');
+ $this->drupalLogout();
+
+ // Test as a user that does not have ability to bypass node access or view
+ // all nodes.
+ $regular_user = $this->drupalCreateUser(array('access content'));
+ $this->drupalLogin($regular_user);
+ $this->drupalGet('entity-query-access/test/' . $this->fields[0]['field_name']);
+ $this->assertText('Found entity', 'Returned access response with entities.');
+ $this->drupalLogout();
+ }
+
/**
* Fetches the results of an EntityFieldQuery and compares.
*
diff --git a/core/modules/entity/tests/modules/entity_query_access_test/entity_query_access_test.info b/core/modules/entity/tests/modules/entity_query_access_test/entity_query_access_test.info
new file mode 100644
index 0000000000000000000000000000000000000000..369b2048edd9e59fa0d8d592a45ef29b78267083
--- /dev/null
+++ b/core/modules/entity/tests/modules/entity_query_access_test/entity_query_access_test.info
@@ -0,0 +1,7 @@
+name = "Entity query access test"
+description = "Support module for checking entity query results."
+package = Testing
+version = VERSION
+core = 8.x
+hidden = TRUE
+
diff --git a/core/modules/entity/tests/modules/entity_query_access_test/entity_query_access_test.module b/core/modules/entity/tests/modules/entity_query_access_test/entity_query_access_test.module
new file mode 100644
index 0000000000000000000000000000000000000000..262f3b75379a875b7207ec51eb56fcf9d1057377
--- /dev/null
+++ b/core/modules/entity/tests/modules/entity_query_access_test/entity_query_access_test.module
@@ -0,0 +1,57 @@
+<?php
+
+/**
+ * @file
+ * Helper module for testing EntityFieldQuery access on any type of entity.
+ */
+
+use Drupal\entity\EntityFieldQuery;
+use Drupal\entity\EntityFieldQueryException;
+
+/**
+ * Implements hook_menu().
+ */
+function entity_query_access_test_menu() {
+ $items['entity-query-access/test/%'] = array(
+ 'title' => "Retrieve a sample of entity query access data",
+ 'page callback' => 'entity_query_access_test_sample_query',
+ 'page arguments' => array(2),
+ 'access callback' => TRUE,
+ 'type' => MENU_CALLBACK,
+ );
+
+ return $items;
+}
+
+/**
+ * Returns the results from an example EntityFieldQuery.
+ */
+function entity_query_access_test_sample_query($field_name) {
+ global $user;
+
+ // Simulate user does not have access to view all nodes.
+ $access = &drupal_static('node_access_view_all_nodes');
+ $access[$user->uid] = FALSE;
+
+ $query = new EntityFieldQuery();
+ $query
+ ->entityCondition('entity_type', 'test_entity_bundle_key')
+ ->fieldCondition($field_name, 'value', 0, '>')
+ ->entityOrderBy('entity_id', 'ASC');
+ $results = array(
+ 'items' => array(),
+ 'title' => t('EntityFieldQuery results'),
+ );
+ foreach ($query->execute() as $entity_type => $entity_ids) {
+ foreach ($entity_ids as $entity_id => $entity_stub) {
+ $results['items'][] = format_string('Found entity of type @entity_type with id @entity_id', array('@entity_type' => $entity_type, '@entity_id' => $entity_id));
+ }
+ }
+ if (count($results['items']) > 0) {
+ $output = theme('item_list', $results);
+ }
+ else {
+ $output = 'No results found with EntityFieldQuery.';
+ }
+ return $output;
+}
diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index 42d968de8b28115532f1954537b256fae5be300d..b0c712668d26954a5f944818140be1d327d37e71 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -3310,8 +3310,9 @@ function _node_query_node_access_alter($query, $type) {
// @endcode
//
// So instead of directly adding to the query object, we need to collect
- // in a separate db_and() object and then at the end add it to the query.
- $entity_conditions = db_and();
+ // all of the node access conditions in a separate db_and() object and
+ // then add it to the query at the end.
+ $node_conditions = db_and();
}
foreach ($tables as $nalias => $tableinfo) {
$table = $tableinfo['table'];
@@ -3345,16 +3346,24 @@ function _node_query_node_access_alter($query, $type) {
$field = 'entity_id';
}
$subquery->where("$nalias.$field = na.nid");
- $query->exists($subquery);
+
+ // For an entity query, attach the subquery to entity conditions.
+ if ($type == 'entity') {
+ $node_conditions->exists($subquery);
+ }
+ // Otherwise attach it to the node query itself.
+ else {
+ $query->exists($subquery);
+ }
}
}
if ($type == 'entity' && count($subquery->conditions())) {
// All the node access conditions are only for field values belonging to
// nodes.
- $entity_conditions->condition("$base_alias.entity_type", 'node');
+ $node_conditions->condition("$base_alias.entity_type", 'node');
$or = db_or();
- $or->condition($entity_conditions);
+ $or->condition($node_conditions);
// If the field value belongs to a non-node entity type then this function
// does not do anything with it.
$or->condition("$base_alias.entity_type", 'node', '<>');