Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2950127 by owenbush, Yogesh Pawar, msankhala, Wim Leers, vaplas: Add helpful reason for 'update' and 'delete' access not being allowed to FileAccessControlHandler

8.6.x
Alex Pott 2018-05-08 00:25:49 +01:00
parent bdf6c01cb1
commit ec8b4f8c48
No known key found for this signature in database
GPG Key ID: 31905460D4A69276
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/modules/file/src/FileAccessControlHandler.php
View File

@ -64,11 +64,11 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
if ($operation == 'delete' || $operation == 'update') {
$account = $this->prepareUser($account);
$file_uid = $entity->get('uid')->getValue();
// Only the file owner can delete and update the file entity.
// Only the file owner can update or delete the file entity.
if ($account->id() == $file_uid[0]['target_id']) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
return AccessResult::forbidden('Only the file owner can update or delete the file entity.');
}
// No opinion.

4
core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
View File

@ -224,8 +224,8 @@ abstract class FileResourceTestBase extends EntityResourceTestBase {
if ($method === 'GET') {
return "The 'access content' permission is required.";
}
if ($method === 'PATCH') {
return 'You are not authorized to update this file entity.';
if ($method === 'PATCH' || $method === 'DELETE') {
return 'Only the file owner can update or delete the file entity.';
}
return parent::getExpectedUnauthorizedAccessMessage($method);
}