Issue #2950127 by owenbush, Yogesh Pawar, msankhala, Wim Leers, vaplas: Add...

Issue #2950127 by owenbush, Yogesh Pawar, msankhala, Wim Leers, vaplas: Add helpful reason for 'update' and 'delete' access not being allowed to FileAccessControlHandler

Issue #2950127 by owenbush, Yogesh Pawar, msankhala, Wim Leers, vaplas: Add...
ec8b4f8c · Alex Pott · bdf6c01c · ec8b4f8c · ec8b4f8c
Unverified Commit ec8b4f8c authored May 7, 2018 by Alex Pott
--- a/core/modules/file/src/FileAccessControlHandler.php
+++ b/core/modules/file/src/FileAccessControlHandler.php
@@ -64,11 +64,11 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
    if ($operation == 'delete' || $operation == 'update') {
      $account = $this->prepareUser($account);
      $file_uid = $entity->get('uid')->getValue();
-      // Only the file owner can delete and update the file entity.
+      // Only the file owner can update or delete the file entity.
      if ($account->id() == $file_uid[0]['target_id']) {
        return AccessResult::allowed();
      }
-      return AccessResult::forbidden();
+      return AccessResult::forbidden('Only the file owner can update or delete the file entity.');
    }
    // No opinion.

--- a/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
@@ -224,8 +224,8 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
    if ($method === 'GET') {
      return "The 'access content' permission is required.";
    }
-    if ($method === 'PATCH') {
+    if ($method === 'PATCH' || $method === 'DELETE') {
-      return 'You are not authorized to update this file entity.';
+      return 'Only the file owner can update or delete the file entity.';
    }
    return parent::getExpectedUnauthorizedAccessMessage($method);
  }