Skip to content

GitLab

D
drupal
Commit 9c240f96 authored by catch's avatar catch
Browse files
Options

Issue #2905748 by vaplas: MediaAccessControlHandler does not provide a helpful... 

Issue #2905748 by vaplas: MediaAccessControlHandler does not provide a helpful reason for when access is denied for the view operation
parent c3f080e7
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 1 deletion
core/modules/media/src/MediaAccessControlHandler.php
View file @ 9c240f96
......@@ -23,9 +23,13 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
$is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
switch ($operation) {
case 'view':
return AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished())
$access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished())
->cachePerPermissions()
->addCacheableDependency($entity);
if (!$access_result->isAllowed()) {
$access_result->setReason("The 'view media' permission is required and the media item must be published.");
}
return $access_result;
case 'update':
if ($account->hasPermission('update any media')) {
......
core/modules/media/tests/src/Functional/MediaAccessTest.php
View file @ 9c240f96
......@@ -60,6 +60,8 @@ public function testMediaAccess() {
$this->drupalGet('media/' . $media->id());
$this->assertCacheContext('user.permissions');
$assert_session->statusCodeEquals(403);
$access_result = $media->access('view', NULL, TRUE);
$this->assertSame("The 'view media' permission is required and the media item must be published.", $access_result->getReason());
$this->grantPermissions($role, ['view media']);
$this->drupalGet('media/' . $media->id());
$this->assertCacheContext('user.permissions');
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment