NYS 168: Restrict MCP block content edit access to blocks linked to their managed senators #233
Conversation
…cks linked to managed senators
|
@routinet look I used But also ... don't look, since I didn't wrap |
| if (UsersHelper::isMcp($current_user)) { | ||
| $managed_senator_tids = UsersHelper::getManagedSenators($current_user); | ||
| $is_block_linked_to_managed_senator = $this->entityTypeManager | ||
| ->getStorage('node') |
There was a problem hiding this comment.
getStorage() can throw an exception. try..catch pls
There was a problem hiding this comment.
@routinet, just making sure you saw my comment from 2 weeks ago about the omitted try/catch. My instinct is to follow Drupal core's coding standards regarding getStorage() called on core entity types, but if you think the try/catch is still worthwhile, I propose adding it without actually logging anything (to avoid adding a dependency on the logger factory whenever we access node storage). Lmk if you're okay with either A. full omission of try/catch for core types, or B. try/catch without logging. Ty!
There was a problem hiding this comment.
including it without logging is fine. I'm just concerned about whatever weird edge case is going to pop up and trigger an uncaught exception. I dislike it also, but... whachagonnado? (also dislike a do-nothing catch, but I feel it is the lesser of two evils)
There was a problem hiding this comment.
Great, all set @routinet
Note that the related hotfix in #226 revokes all MCP block content access. This is the long term fix.