From 4022cc198cc344c07ffce080bf847b485a3c3211 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Mon, 30 Apr 2018 15:08:58 +0100
Subject: [PATCH] Issue #2950129 by msankhala, Wim Leers: Add helpful reason
 for 'update' and 'delete' access not being allowed to
 MediaAccessControlHandler

---
 core/modules/media/src/MediaAccessControlHandler.php          | 4 ++--
 .../Functional/EntityResource/Media/MediaResourceTestBase.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/modules/media/src/MediaAccessControlHandler.php b/core/modules/media/src/MediaAccessControlHandler.php
index d4203728e55..a665e5d4df5 100644
--- a/core/modules/media/src/MediaAccessControlHandler.php
+++ b/core/modules/media/src/MediaAccessControlHandler.php
@@ -47,7 +47,7 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
         if ($account->hasPermission('update media') && $is_owner) {
           return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
         }
-        return AccessResult::neutral()->cachePerPermissions();
+        return AccessResult::neutral("The following permissions are required: 'update any media' OR 'update own media' OR '$type: edit any media' OR '$type: edit own media'.")->cachePerPermissions();
 
       case 'delete':
         if ($account->hasPermission('delete any ' . $type . ' media')) {
@@ -64,7 +64,7 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
         if ($account->hasPermission('delete media') && $is_owner) {
           return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
         }
-        return AccessResult::neutral()->cachePerPermissions();
+        return AccessResult::neutral("The following permissions are required: 'delete any media' OR 'delete own media' OR '$type: delete any media' OR '$type: delete own media'.")->cachePerPermissions();
 
       default:
         return AccessResult::neutral()->cachePerPermissions();
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
index 85548ada981..32cc08de640 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
@@ -269,10 +269,10 @@ abstract class MediaResourceTestBase extends EntityResourceTestBase {
         return "The following permissions are required: 'administer media' OR 'create media' OR 'create camelids media'.";
 
       case 'PATCH':
-        return 'You are not authorized to update this media entity of bundle camelids.';
+        return "The following permissions are required: 'update any media' OR 'update own media' OR 'camelids: edit any media' OR 'camelids: edit own media'.";
 
       case 'DELETE':
-        return 'You are not authorized to delete this media entity of bundle camelids.';
+        return "The following permissions are required: 'delete any media' OR 'delete own media' OR 'camelids: delete any media' OR 'camelids: delete own media'.";
 
       default:
         return parent::getExpectedUnauthorizedAccessMessage($method);