Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2950129 by msankhala, Wim Leers: Add helpful reason for 'update' and 'delete' access not being allowed to MediaAccessControlHandler

8.6.x
Alex Pott 2018-04-30 15:08:58 +01:00
parent 6de60bc459
commit 4022cc198c
No known key found for this signature in database
GPG Key ID: 31905460D4A69276
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/modules/media/src/MediaAccessControlHandler.php
View File

@ -47,7 +47,7 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
if ($account->hasPermission('update media') && $is_owner) {
return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
}
return AccessResult::neutral()->cachePerPermissions();
return AccessResult::neutral("The following permissions are required: 'update any media' OR 'update own media' OR '$type: edit any media' OR '$type: edit own media'.")->cachePerPermissions();
case 'delete':
if ($account->hasPermission('delete any ' . $type . ' media')) {
@ -64,7 +64,7 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
if ($account->hasPermission('delete media') && $is_owner) {
return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
}
return AccessResult::neutral()->cachePerPermissions();
return AccessResult::neutral("The following permissions are required: 'delete any media' OR 'delete own media' OR '$type: delete any media' OR '$type: delete own media'.")->cachePerPermissions();
default:
return AccessResult::neutral()->cachePerPermissions();

4
core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
View File

@ -269,10 +269,10 @@ abstract class MediaResourceTestBase extends EntityResourceTestBase {
return "The following permissions are required: 'administer media' OR 'create media' OR 'create camelids media'.";
case 'PATCH':
return 'You are not authorized to update this media entity of bundle camelids.';
return "The following permissions are required: 'update any media' OR 'update own media' OR 'camelids: edit any media' OR 'camelids: edit own media'.";
case 'DELETE':
return 'You are not authorized to delete this media entity of bundle camelids.';
return "The following permissions are required: 'delete any media' OR 'delete own media' OR 'camelids: delete any media' OR 'camelids: delete own media'.";
default:
return parent::getExpectedUnauthorizedAccessMessage($method);