' . t('Use Media reference fields for most files, images, audio, videos, and remote media. Use File or Image reference fields when creating your own media types, or for legacy files and images created before enabling the Media module.') . '
'; + $output .= '' . t('Media items behave differently than files and images regarding restricted access. While files and images, when configured to use the private storage, will inherit access permissions from the content where they are attached to, Media items have their own access restrictions. This usually means that by default users could have access to files on Media items even though they do not have access to the content that references the Media items. More information on configuring media access restrictions.', [ + '@doc_url' => 'https://www.drupal.org/docs/8/core/modules/media/setting-up-private-access-to-media-items', + ]) . '
'; return $output; + + case 'entity.media.field_ui_fields': + // If there are file fields on media types using the private scheme, users + // may have the expectation that they inherit access from their parent + // entities, which is something that media items don't do by default. + // Show a message letting them know that. + $media_type = \Drupal::routeMatch()->getParameter('media_type'); + /** @var \Drupal\field\FieldConfigInterface $source_definition */ + $source_definition = $media_type->getSource()->getSourceFieldDefinition($media_type); + if (!in_array($source_definition->getType(), ['file', 'image'])) { + return; + } + if ($source_definition->getSetting('uri_scheme') === 'private' + && \Drupal::config('media.settings')->get('show_private_scheme_warning')) { + return '' . t('The source field is configured to use the private file storage. By default, the media items will be accessible to any users with access to %type media, even if the user does not have access to content that references it. More information on configuring media access restrictions.', [ + '%type' => $media_type->label(), + '@doc_url' => 'https://www.drupal.org/docs/8/core/modules/media/setting-up-private-access-to-media-items', + ]) . '
'; + } } } @@ -336,28 +359,3 @@ function media_preprocess_media_reference_help(&$variables) { } } } - -/** - * Implements hook_page_attachments(). - */ -function media_page_attachments(&$attachments) { - // If there are file fields on media types using the private scheme, users - // may have the expectation that they inherit access from their parent - // entities, which is something that media items don't do by default. Show a - // warning letting users know that. - if (\Drupal::routeMatch()->getRouteName() !== 'entity.media.field_ui_fields') { - return; - } - $media_type = \Drupal::routeMatch()->getParameter('media_type'); - /** @var \Drupal\field\FieldConfigInterface $source_definition */ - $source_definition = $media_type->getSource()->getSourceFieldDefinition($media_type); - if (!in_array($source_definition->getType(), ['file', 'image'])) { - return; - } - if ($source_definition->getSetting('uri_scheme') === 'private' - && \Drupal::config('media.settings')->get('show_private_scheme_warning')) { - \Drupal::messenger()->addWarning(t('The source field is configured to use the private file storage. By default, access control for assets on media items is not inherited from the entity that references them. More information about how to restrict access for assets on media items can be found on this documentation page.', [ - '@doc_url' => 'https://www.drupal.org/docs/8/core/modules/media/setting-up-private-access-to-media-items', - ])); - } -}