From 7b91c7fec2fc250c8f472fa00a9ebad657735082 Mon Sep 17 00:00:00 2001
From: Alex Pott
Date: Wed, 19 Aug 2015 00:50:50 +0100
Subject: [PATCH] Issue #2533978 by Denchev, Dave Reid, legolasbo, Berdir: $entity->access('view|download') for unattached public files returns FALSE
---
 .../file/src/FileAccessControlHandler.php | 9 ++-
 .../file/src/Tests/FileManagedAccessTest.php | 73 +++++++++++++++++++
 2 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 core/modules/file/src/Tests/FileManagedAccessTest.php
diff --git a/core/modules/file/src/FileAccessControlHandler.php b/core/modules/file/src/FileAccessControlHandler.php
index 2e336af5601..f6f4a46945f 100644
--- a/core/modules/file/src/FileAccessControlHandler.php
+++ b/core/modules/file/src/FileAccessControlHandler.php
@@ -22,10 +22,13 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
 * {@inheritdoc}
 */
 protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
-
+ /** @var \Drupal\file\FileInterface $entity */
 if ($operation == 'download' || $operation == 'view') {
- $references = $this->getFileReferences($entity);
- if ($references) {
+ if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
+ // Always allow access to file in public file system.
+ return AccessResult::allowed();
+ }
+ elseif ($references = $this->getFileReferences($entity)) {
 foreach ($references as $field_name => $entity_map) {
 foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
 /** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
diff --git a/core/modules/file/src/Tests/FileManagedAccessTest.php b/core/modules/file/src/Tests/FileManagedAccessTest.php
new file mode 100644
index 00000000000..73c1accda93
--- /dev/null
+++ b/core/modules/file/src/Tests/FileManagedAccessTest.php
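Review bot: In FileAccessControlHandler::checkAccess(), the new public-scheme branch returns `AccessResult::allowed()` for 'view' as well as 'download', so every account, including anonymous, gets view access to the file entity itself and not only to the bytes the web server already serves. If that is wider than intended, keep the unconditional allow for download and gate view on a permission, for example `return $operation === 'download' ? AccessResult::allowed() : AccessResult::allowedIfHasPermission($account, 'access content');`. The inline comment would be more useful if it gave the reason, e.g. `// Public files are served directly by the web server, so denying download here would not protect them.` The scheme lookup goes through the static `\Drupal::service('file_system')` call inside the handler; injecting the service would let this branch be unit-tested in isolation. checkAccess() continues past the end of the hunk, so how the remaining operations are handled cannot be judged from here.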
@@ -0,0 +1,73 @@
+ 1,
+ 'filename' => 'drupal.txt',
+ 'uri' => 'public://drupal.txt',
+ 'filemime' => 'text/plain',
+ 'status' => FILE_STATUS_PERMANENT,
+ ));
+ file_put_contents($file->getFileUri(), 'hello world');
+
+ // Save it, inserting a new record.
+ $file->save();
+
+ // Create authenticated user to check file access.
+ $account = $this->createUser(array('access site reports'));
+
+ $this->assertTrue($file->access('view', $account), 'Public file is viewable to authenticated user');
+ $this->assertTrue($file->access('download', $account), 'Public file is downloadable to authenticated user');
+
+ // Create anonymous user to check file access.
+ $account = $this->createUser()->getAnonymousUser();
+
+ $this->assertTrue($file->access('view', $account), 'Public file is viewable to anonymous user');
+ $this->assertTrue($file->access('download', $account), 'Public file is downloadable to anonymous user');
+
+ // Create a new file entity.
+ $file = File::create(array(
+ 'uid' => 1,
+ 'filename' => 'drupal.txt',
+ 'uri' => 'private://drupal.txt',
+ 'filemime' => 'text/plain',
+ 'status' => FILE_STATUS_PERMANENT,
+ ));
+ file_put_contents($file->getFileUri(), 'hello world');
+
+ // Save it, inserting a new record.
+ $file->save();
+
+ // Create authenticated user to check file access.
+ $account = $this->createUser(array('access site reports'));
+
+ $this->assertFalse($file->access('view', $account), 'Private file is not viewable to authenticated user');
+ $this->assertFalse($file->access('download', $account), 'Private file is not downloadable to authenticated user');
+
+ // Create anonymous user to check file access.
+ $account = $this->createUser()->getAnonymousUser();
+
+ $this->assertFalse($file->access('view', $account), 'Private file is not viewable to anonymous user');
+ $this->assertFalse($file->access('download', $account), 'Private file is not downloadable to anonymous user');
+ }
+}
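Review bot: Both anonymous checks in FileManagedAccessTest.php obtain the account with `$this->createUser()->getAnonymousUser()`, which creates and saves a throwaway authenticated user only to reach what appears to be a static factory, and the comment above it ("Create anonymous user") does not describe that. Calling the factory directly, `$account = User::getAnonymousUser();`, states the intent and avoids the extra user; it needs `Drupal\user\Entity\User` imported, and the top of this new file (namespace, use statements, class and method declaration) is not visible on the page, so that cannot be confirmed here. The comment would then read `// Load the anonymous account to check file access.`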