diff options
author | Jennifer Hodgdon <yahgrp@poplarware.com> | 2014-07-15 09:23:10 -0700 |
---|---|---|
committer | Jennifer Hodgdon <yahgrp@poplarware.com> | 2014-07-15 09:23:10 -0700 |
commit | f56b6aaa5e04ee125e67c7a2f0a47d79d94c0542 (patch) | |
tree | 6f2a0190ceed1623f273475f7a8b710a302157f3 | |
parent | 89d7c05e210ee82bba924f682ab6aca97c4fbaba (diff) | |
download | brdo-f56b6aaa5e04ee125e67c7a2f0a47d79d94c0542.tar.gz brdo-f56b6aaa5e04ee125e67c7a2f0a47d79d94c0542.tar.bz2 |
Issue #2267411 by er.pushpinderrana, amitgoyal, klausi, David_Rothstein: Document that field_access() does not check entity access
-rw-r--r-- | modules/field/field.module | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/field/field.module b/modules/field/field.module index 52faf3548..132238ecd 100644 --- a/modules/field/field.module +++ b/modules/field/field.module @@ -961,6 +961,13 @@ function field_has_data($field) { /** * Determine whether the user has access to a given field. * + * This function does not determine whether access is granted to the entity + * itself, only the specific field. Callers are responsible for ensuring that + * entity access is also respected. For example, when checking field access for + * nodes, check node_access() before checking field_access(), and when checking + * field access for entities using the Entity API contributed module, + * check entity_access() before checking field_access(). + * * @param $op * The operation to be performed. Possible values: * - 'edit' |