Avoid using `loadByProperties` to load entities
2 min readApr 12, 2022
Drupal’s entity storages have a loadByProperties
method to simplify loading entities based on conditions. For configuration entities, these are on their properties. For content entities, these are on their field values. It is a common carry-over from the old days of Drupal 7 with entity_load_multiple
and the properties condition argument.
There is just one big problem! The loadByProperties
method disables entity access checks. That makes this method unsafe and causes it to bypass entity query access checks.