Support creation of API driven content entities
Problem/Motivation
Currently it is not possible to create content entities, which don't implement a custom access handler. If so, the following code will prevent the entity from being created:
NewEntity.php:147
elseif (!$this->entityTypeManager->hasHandler($entity_type_id, 'access')) {
$access_result = AccessResult::forbidden('Cannot determine access without an access handler.');
}Modules like message are using a content entity, which has no user interface and no custom access handler - and even though they would have, the next part of the NewEntity's access method will check the "createAccess" which by default checks for a permission, not existing in such modules.
Steps to reproduce
- Install the message and message_example module
- Create an ECA workflow which creates a message for instance after creating a node. Caution, the message_example module does this aswell via hook_node_insert
- Verify that the message entity by ECA is not created, the one by message_example on the other side is
Proposed resolution
Change default behaviour when checking access when creating content entities. Instead of denying the access, we should grant it since this seems to be the default behaviour in drupal core wen using plain entity API to create such entiites.
Remaining tasks
Discuss how to support content entities without custom access handlers.