Issue #2533978 by Denchev, Dave Reid, legolasbo, Berdir: $entity->access('view|download') for unattached public files returns FALSE
Alex Pott
parent
55f6f4259b
commit
7b91c7fec2
|
|
@ -22,10 +22,13 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
|
|||
* {@inheritdoc}
|
||||
*/
|
||||
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
|
||||
|
||||
/** @var \Drupal\file\FileInterface $entity */
|
||||
if ($operation == 'download' || $operation == 'view') {
|
||||
$references = $this->getFileReferences($entity);
|
||||
if ($references) {
|
||||
if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
|
||||
// Always allow access to file in public file system.
|
||||
return AccessResult::allowed();
|
||||
}
|
||||
elseif ($references = $this->getFileReferences($entity)) {
|
||||
foreach ($references as $field_name => $entity_map) {
|
||||
foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
|
||||
/** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
|
||||
|
|
|
|||
|
|
@ -0,0 +1,73 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @file
|
||||
* Contains \Drupal\file\Tests\FileManagedAccessTest.
|
||||
*/
|
||||
|
||||
namespace Drupal\file\Tests;
|
||||
|
||||
use Drupal\file\Entity\File;
|
||||
|
||||
/**
|
||||
* Tests access to managed files.
|
||||
*
|
||||
* @group file
|
||||
*/
|
||||
class FileManagedAccessTest extends FileManagedTestBase {
|
||||
|
||||
/**
|
||||
* Tests if public file is always accessible.
|
||||
*/
|
||||
function testFileAccess() {
|
||||
// Create a new file entity.
|
||||
$file = File::create(array(
|
||||
'uid' => 1,
|
||||
'filename' => 'drupal.txt',
|
||||
'uri' => 'public://drupal.txt',
|
||||
'filemime' => 'text/plain',
|
||||
'status' => FILE_STATUS_PERMANENT,
|
||||
));
|
||||
file_put_contents($file->getFileUri(), 'hello world');
|
||||
|
||||
// Save it, inserting a new record.
|
||||
$file->save();
|
||||
|
||||
// Create authenticated user to check file access.
|
||||
$account = $this->createUser(array('access site reports'));
|
||||
|
||||
$this->assertTrue($file->access('view', $account), 'Public file is viewable to authenticated user');
|
||||
$this->assertTrue($file->access('download', $account), 'Public file is downloadable to authenticated user');
|
||||
|
||||
// Create anonymous user to check file access.
|
||||
$account = $this->createUser()->getAnonymousUser();
|
||||
|
||||
$this->assertTrue($file->access('view', $account), 'Public file is viewable to anonymous user');
|
||||
$this->assertTrue($file->access('download', $account), 'Public file is downloadable to anonymous user');
|
||||
|
||||
// Create a new file entity.
|
||||
$file = File::create(array(
|
||||
'uid' => 1,
|
||||
'filename' => 'drupal.txt',
|
||||
'uri' => 'private://drupal.txt',
|
||||
'filemime' => 'text/plain',
|
||||
'status' => FILE_STATUS_PERMANENT,
|
||||
));
|
||||
file_put_contents($file->getFileUri(), 'hello world');
|
||||
|
||||
// Save it, inserting a new record.
|
||||
$file->save();
|
||||
|
||||
// Create authenticated user to check file access.
|
||||
$account = $this->createUser(array('access site reports'));
|
||||
|
||||
$this->assertFalse($file->access('view', $account), 'Private file is not viewable to authenticated user');
|
||||
$this->assertFalse($file->access('download', $account), 'Private file is not downloadable to authenticated user');
|
||||
|
||||
// Create anonymous user to check file access.
|
||||
$account = $this->createUser()->getAnonymousUser();
|
||||
|
||||
$this->assertFalse($file->access('view', $account), 'Private file is not viewable to anonymous user');
|
||||
$this->assertFalse($file->access('download', $account), 'Private file is not downloadable to anonymous user');
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue