diff --git a/core/modules/media/src/MediaAccessControlHandler.php b/core/modules/media/src/MediaAccessControlHandler.php index 433d8094df..ccfb36a560 100644 --- a/core/modules/media/src/MediaAccessControlHandler.php +++ b/core/modules/media/src/MediaAccessControlHandler.php @@ -32,7 +32,7 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter $access_result->setReason("The 'view media' permission is required and the media item must be published."); } } - else { + elseif ($is_owner) { $access_result = AccessResult::allowedIf($account->hasPermission('view own unpublished media') && $is_owner) ->cachePerPermissions() ->cachePerUser() @@ -41,6 +41,9 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter $access_result->setReason("The 'view own unpublished media' permission is required."); } } + else { + $access_result = AccessResult::neutral()->cachePerPermissions(); + } return $access_result; case 'update': diff --git a/core/modules/media/tests/src/Functional/MediaAccessTest.php b/core/modules/media/tests/src/Functional/MediaAccessTest.php index 55e18512f3..da2cfc1e6c 100644 --- a/core/modules/media/tests/src/Functional/MediaAccessTest.php +++ b/core/modules/media/tests/src/Functional/MediaAccessTest.php @@ -101,6 +101,9 @@ public function testMediaAccess() { // Verify the author can not view the unpublished media item without // 'view own unpublished media' permission. $this->grantPermissions($role, ['view media']); + $this->drupalGet('media/' . $user_media->id()); + $this->assertNoCacheContext('user'); + $this->assertCacheContext('user.permissions'); $user_media->setUnpublished()->save(); $this->drupalGet('media/' . $user_media->id()); $this->assertCacheContext('user'); 
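Review bot: The new `else` branch returns `AccessResult::neutral()->cachePerPermissions()` for a result reached by testing `$is_owner` (and presumably the entity's published state, in the `if` that opens outside this hunk), yet it declares neither the `user` cache context nor the entity as a cacheable dependency. A denial computed for a non-owner could then be reused for another account with the same permissions, and it would not be invalidated when the item is published or its owner changes; that fails closed, but the metadata still under-describes the access decision. Branching on the permission instead limits per-user variation to accounts that hold it: `elseif ($account->hasPermission('view own unpublished media')) {` with `AccessResult::allowedIf($is_owner)`, and `AccessResult::neutral()->cachePerPermissions()->addCacheableDependency($entity);` in the `else`. The `view` rows in MediaAccessControlHandlerTest whose expected tags change from `['media:1']` to `[]` would then keep the tag. checkAccess() starts and continues outside the hunk.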
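Review bot: The added assertions only request the published item as its author; nothing in this hunk requests the unpublished item as an account that is not the owner, which is the path the handler's new `else` branch serves. Repeating `$this->drupalGet('media/' . $user_media->id());` under a second, non-owner login before the author's request, and then checking the author's response, would show whether a denial keyed only on permissions is served to the owner. testMediaAccess() continues outside the hunk, so such a case may already exist there.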
@@ -191,7 +194,7 @@ public function testMediaAccess() { */ public function testMediaAnonymousUserAccess() { $assert_session = $this->assertSession(); - $media_type = $this->createMediaType(); + $media_type = $this->createMediaType('test'); // Create media as anonymous user. $user_media = Media::create([ @@ -223,7 +226,7 @@ public function testMediaAnonymousUserAccess() { */ public function testReferencedRendering() { // Create a media type and a entity reference to itself. - $media_type = $this->createMediaType(); + $media_type = $this->createMediaType('test'); FieldStorageConfig::create([ 'field_name' => 'field_reference', diff --git a/core/modules/media/tests/src/Kernel/MediaAccessControlHandlerTest.php b/core/modules/media/tests/src/Kernel/MediaAccessControlHandlerTest.php index 9ac5f88056..614e66aebf 100644 --- a/core/modules/media/tests/src/Kernel/MediaAccessControlHandlerTest.php +++ b/core/modules/media/tests/src/Kernel/MediaAccessControlHandlerTest.php @@ -73,7 +73,7 @@ public function testCreateAccess(array $permissions, AccessResultInterface $expe /** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */ $access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media'); - $this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->createAccess([], $user, [], TRUE)); + $this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->createAccess('test', $user, [], TRUE)); } /** @@ -126,16 +126,16 @@ public function testAccessProvider() { [], 'update', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'permissionless + owner delete' => [ [], [], 'delete', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'user + owner view' => [ [ 
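Review bot: The `update` and `delete` rows in this provider drop the `user` context and the `media:1` tag, but the only handler hunk on this page changes the `view` case. If the `update`/`delete` branches of checkAccess() still build their neutral result with per-user caching and the entity dependency, these expectations will not match. Either the handler change that justifies them belongs in this patch, or the description should name the earlier change they track. The same edit recurs in the later hunks of testAccessProvider() for the unpublished, anonymous and published rows.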
@@ -155,10 +155,9 @@ public function testAccessProvider() { ], [], 'update', - AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'user + owner delete' => [ [ @@ -168,8 +167,8 @@ public function testAccessProvider() { [], 'delete', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'user + unpublished view' => [ [ @@ -178,7 +177,6 @@ public function testAccessProvider() { ], [], 'view', - AccessResult::allowed(), ['user.permissions', 'user'], ['media:1'], @@ -191,8 +189,8 @@ public function testAccessProvider() { [], 'update', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'user + unpublished delete' => [ [ @@ -202,8 +200,8 @@ public function testAccessProvider() { [], 'delete', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'anonymous + unpublished view' => [ [ @@ -212,10 +210,9 @@ public function testAccessProvider() { ], ['uid' => 0], 'view', - AccessResult::neutral(), ['user.permissions'], - ['media:1'], + [], ], 'anonymous + unpublished update' => [ [ @@ -225,8 +222,8 @@ public function testAccessProvider() { ['uid' => 0], 'update', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'anonymous + unpublished delete' => [ [ @@ -236,8 +233,8 @@ public function testAccessProvider() { ['uid' => 0], 'delete', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'user + published' => [ ['view media'], 
@@ -252,16 +249,16 @@ public function testAccessProvider() { ['uid' => 0, 'status' => TRUE], 'update', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'user + delete' => [ ['view media'], ['uid' => 0, 'status' => TRUE], 'delete', AccessResult::neutral(), - ['user.permissions', 'user'], - ['media:1'], + ['user.permissions'], + [], ], 'owner + owner view' => [ [ @@ -314,7 +311,6 @@ public function testAccessProvider() { ], ['uid' => 0, 'status' => TRUE], 'view', - AccessResult::allowed(), ['user.permissions'], ['media:1'], @@ -357,7 +353,7 @@ public function testAccessProvider() { 'view', AccessResult::neutral(), ['user.permissions'], - ['media:1'], + [], ], 'admin + unpublished update' => [ [