From 9c240f96f23a722194c0cf878204a1342904bca3 Mon Sep 17 00:00:00 2001
From: Nathaniel Catchpole <catch@35733.no-reply.drupal.org>
Date: Mon, 11 Sep 2017 16:07:28 +0100
Subject: [PATCH] Issue #2905748 by vaplas: MediaAccessControlHandler does not
 provide a helpful reason for when access is denied for the view operation

---
 core/modules/media/src/MediaAccessControlHandler.php        | 6 +++++-
 core/modules/media/tests/src/Functional/MediaAccessTest.php | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/core/modules/media/src/MediaAccessControlHandler.php b/core/modules/media/src/MediaAccessControlHandler.php
index f753e7fdb2f3..434abfe7193a 100644
--- a/core/modules/media/src/MediaAccessControlHandler.php
+++ b/core/modules/media/src/MediaAccessControlHandler.php
@@ -23,9 +23,13 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
     $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
     switch ($operation) {
       case 'view':
-        return AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished())
+        $access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished())
           ->cachePerPermissions()
           ->addCacheableDependency($entity);
+        if (!$access_result->isAllowed()) {
+          $access_result->setReason("The 'view media' permission is required and the media item must be published.");
+        }
+        return $access_result;
 
       case 'update':
         if ($account->hasPermission('update any media')) {
diff --git a/core/modules/media/tests/src/Functional/MediaAccessTest.php b/core/modules/media/tests/src/Functional/MediaAccessTest.php
index 070a980dfc15..ba02f083bf2e 100644
--- a/core/modules/media/tests/src/Functional/MediaAccessTest.php
+++ b/core/modules/media/tests/src/Functional/MediaAccessTest.php
@@ -60,6 +60,8 @@ public function testMediaAccess() {
     $this->drupalGet('media/' . $media->id());
     $this->assertCacheContext('user.permissions');
     $assert_session->statusCodeEquals(403);
+    $access_result = $media->access('view', NULL, TRUE);
+    $this->assertSame("The 'view media' permission is required and the media item must be published.", $access_result->getReason());
     $this->grantPermissions($role, ['view media']);
     $this->drupalGet('media/' . $media->id());
     $this->assertCacheContext('user.permissions');
-- 
GitLab