Unverified Commit ec8b4f8c authored by alexpott's avatar alexpott

Issue #2950127 by owenbush, Yogesh Pawar, msankhala, Wim Leers, vaplas: Add...

Issue #2950127 by owenbush, Yogesh Pawar, msankhala, Wim Leers, vaplas: Add helpful reason for 'update' and 'delete' access not being allowed to FileAccessControlHandler
parent bdf6c01c
...@@ -64,11 +64,11 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter ...@@ -64,11 +64,11 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
if ($operation == 'delete' || $operation == 'update') { if ($operation == 'delete' || $operation == 'update') {
$account = $this->prepareUser($account); $account = $this->prepareUser($account);
$file_uid = $entity->get('uid')->getValue(); $file_uid = $entity->get('uid')->getValue();
// Only the file owner can delete and update the file entity. // Only the file owner can update or delete the file entity.
if ($account->id() == $file_uid[0]['target_id']) { if ($account->id() == $file_uid[0]['target_id']) {
return AccessResult::allowed(); return AccessResult::allowed();
} }
return AccessResult::forbidden(); return AccessResult::forbidden('Only the file owner can update or delete the file entity.');
} }
// No opinion. // No opinion.
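Review bot: The owner check kept as context here, `if ($account->id() == $file_uid[0]['target_id'])`, is a loose comparison against an index that is never checked for existence, and the new forbidden reason now states an ownership guarantee that this check does not strictly enforce. If a file entity has an empty `uid` field, the right-hand side is `null`, and `0 == null` is true in PHP, so an account whose id is 0 would be treated as the owner; whether such accounts or ownerless files reach this branch is not visible in the hunk. I would read the owner defensively and compare strictly, for example `$owner_id = $file_uid[0]['target_id'] ?? NULL;` followed by `if ($owner_id !== NULL && (string) $account->id() === (string) $owner_id) {`. Both results depend on the current user and the file's owner, so it is also worth confirming that cacheability metadata is attached somewhere outside the hunk, since none is added on the visible `allowed()` or `forbidden()` calls. The body of `checkAccess()` starts and ends outside this hunk.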
......
...@@ -224,8 +224,8 @@ protected function getExpectedUnauthorizedAccessMessage($method) { ...@@ -224,8 +224,8 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
if ($method === 'GET') { if ($method === 'GET') {
return "The 'access content' permission is required."; return "The 'access content' permission is required.";
} }
if ($method === 'PATCH') { if ($method === 'PATCH' || $method === 'DELETE') {
return 'You are not authorized to update this file entity.'; return 'Only the file owner can update or delete the file entity.';
} }
return parent::getExpectedUnauthorizedAccessMessage($method); return parent::getExpectedUnauthorizedAccessMessage($method);
} }
......