Unverified Commit a3ce6e70 authored by Alex Pott's avatar Alex Pott

Issue #3038350 by seanB, Wim Leers, effulgentsia: Deny access to all media...

Issue #3038350 by seanB, Wim Leers, effulgentsia: Deny access to all media library View Displays if there is no valid state object
parent 16f38cff
+4 −0
@@ -2,3 +2,7 @@ services:
  media_library.ui_builder:
    class: Drupal\media_library\MediaLibraryUiBuilder
    arguments: ['@entity_type.manager', '@request_stack', '@views.executable', '@form_builder']
  media_library.route_subscriber:
    class: Drupal\media_library\Routing\RouteSubscriber
    tags:
      - { name: event_subscriber }
+27 −0
<?php

namespace Drupal\media_library\Routing;

use Drupal\Core\Routing\RouteSubscriberBase;
use Symfony\Component\Routing\RouteCollection;

/**
 * Subscriber for media library routes.
 */
class RouteSubscriber extends RouteSubscriberBase {

  /**
   * {@inheritdoc}
   */
  protected function alterRoutes(RouteCollection $collection) {
    // Add the media library UI access checks to the widget displays of the
    // media library view.
    if ($route = $collection->get('view.media_library.widget')) {
      $route->addRequirements(['_custom_access' => 'media_library.ui_builder:checkAccess']);
    }
    if ($route = $collection->get('view.media_library.widget_table')) {
      $route->addRequirements(['_custom_access' => 'media_library.ui_builder:checkAccess']);
    }
  }

}
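Review bot: The access requirement in `alterRoutes()` is attached to two hand-written route names only, and each `if` does nothing when `$collection->get()` returns NULL, so a renamed display or a further path-bearing display of this view would be left with the view's own access settings alone. The commit title speaks of all media library View Displays, so the class docblock should say that exactly the `widget` and `widget_table` displays are covered and why the state check is needed there. Driving both from one list, `foreach (['view.media_library.widget', 'view.media_library.widget_table'] as $route_name)`, with the existing `get()`/`addRequirements()` pair as the loop body, would also remove the duplicated requirement string. Separately, `addRequirements()` replaces any `_custom_access` value already present on the route; that is probably harmless for these view routes, but it is worth confirming.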
+13 −0
@@ -292,6 +292,8 @@ public function testWidgetAccess() {
    // Verify that unprivileged users can't access the widget view.
    $this->drupalGet('admin/content/media-widget', $url_options);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('admin/content/media-widget-table', $url_options);
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library', $url_options);
    $assert_session->responseContains('Access denied');

@@ -302,12 +304,23 @@ public function testWidgetAccess() {
    ]);
    $this->drupalGet('admin/content/media-widget', $url_options);
    $assert_session->elementExists('css', '.view-media-library');
    $this->drupalGet('admin/content/media-widget-table', $url_options);
    $assert_session->elementExists('css', '.view-media-library');
    $this->drupalGet('media-library', $url_options);
    $assert_session->elementExists('css', '.view-media-library');
    // Assert the user does not have access to the media add form if the user
    // does not have the 'create media' permission.
    $assert_session->fieldNotExists('files[upload][]');

    // Assert users can not access the widget displays of the media library view
    // without a valid media library state.
    $this->drupalGet('admin/content/media-widget');
    $assert_session->responseContains('Access denied');
    $this->drupalGet('admin/content/media-widget-table');
    $assert_session->responseContains('Access denied');
    $this->drupalGet('media-library');
    $assert_session->responseContains('Access denied');

    // Assert users with the 'create media' permission can access the media add
    // form.
    $this->grantPermissions($role, [
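Review bot: The new negative case in the second hunk requests the three paths with no query at all, so only the "state absent" branch of the access check is exercised. A state that is present but incomplete or inconsistent is not covered by anything visible here. Since the fix is described as denying access without a *valid* state object, consider adding a request built from `$url_options` with one required state parameter removed and asserting the same 'Access denied' response. The block comment above those assertions could then read `// Assert the widget displays are denied when the media library state is missing or incomplete.` `testWidgetAccess()` starts and ends outside these hunks, so how `$url_options` is built is not visible from here.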