core/modules/file/src/FileAccessControlHandler.php | 2 +- .../EntityResource/File/FileResourceTestBase.php | 44 ++++++++++------------ 2 files changed, 20 insertions(+), 26 deletions(-)
diff --git a/core/modules/file/src/FileAccessControlHandler.php b/core/modules/file/src/FileAccessControlHandler.php
index a82c460..5d41c9f 100644
--- a/core/modules/file/src/FileAccessControlHandler.php
+++ b/core/modules/file/src/FileAccessControlHandler.php
@@ -23,7 +23,7 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
 if ($operation == 'download' || $operation == 'view') {
 if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
 // Always allow access to file in public file system.
- return AccessResult::allowed();
+ return AccessResult::allowedIfHasPermissions($account, ['access content', 'administer files'], 'OR');
 }
 elseif ($references = $this->getFileReferences($entity)) {
 foreach ($references as $field_name => $entity_map) {
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
index 3a49fb2..3754bf3 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
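Review bot: The comment directly above the new return, `// Always allow access to file in public file system.`, is now false because access to public-scheme files is gated on 'access content' OR 'administer files'; it should read `// Files in the public file system are accessible to anyone who can access content (or administer files).` The new permission check applies to both 'download' and 'view' since the enclosing condition treats them alike; if public:// files are served directly by the web server, as is usual for that scheme, the 'download' gate only affects application-generated responses, so it may be worth stating in a comment that the two operations deliberately share this rule or splitting them. Because allowedIfHasPermissions() attaches the 'user.permissions' cache context, results that were previously cached as always-allowed will now vary per permission set, which the getExpectedCacheContexts() change in FileResourceTestBase.php reflects. checkAccess() begins before this hunk and its reference-based branch continues after it.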
@@ -32,31 +32,19 @@
 ];
 
 /**
- * Ugly trick.
- */
- protected function correctFileOwner() {
- $account = static::$auth ? User::load(2) : User::load(0);
- $this->entity->setOwnerId($account->id());
- $this->entity->setOwner($account);
- $this->entity->save();
- }
-
- /**
- * {@inheritdoc}
- */
- protected function grantPermissionsToTestedRole(array $permissions) {
- if ($permissions === ['restful delete entity:file']) {
- $this->correctFileOwner();
- }
- parent::grantPermissionsToTestedRole($permissions);
- }
-
- /**
 * {@inheritdoc}
 */
 protected function setUpAuthorization($method) {
- $this->correctFileOwner();
- $this->grantPermissionsToTestedRole(['administer files']);
+ switch ($method) {
+ case 'GET':
+ $this->grantPermissionsToTestedRole(['access content']);
+ break;
+ case 'POST':
+ case 'PATCH':
+ case 'DELETE':
+ $this->grantPermissionsToTestedRole(['access content', 'administer files']);
+ break;
+ }
 }
 
 /**
@@ -76,7 +64,7 @@ protected function createEntity() {
 $file = File::create([
 'uid' => $uid,
 'filename' => 'drupal.txt',
- 'uri' => 'private://drupal.txt',
+ 'uri' => 'public://drupal.txt',
 'filemime' => 'text/plain',
 'status' => FILE_STATUS_PERMANENT,
 ]);
@@ -142,7 +130,7 @@ protected function getExpectedNormalizedEntity() {
 ],
 'uri' => [
 [
- 'value' => 'private://drupal.txt',
+ 'value' => 'public://drupal.txt',
 ],
 ],
 'uuid' => [
@@ -176,7 +164,9 @@ protected function getNormalizedPostEntity() {
 * {@inheritdoc}
 */
 protected function getExpectedCacheContexts() {
- return [];
+ return [
+ 'user.permissions',
+ ];
 }
 
 /**
@@ -193,6 +183,10 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
 if ($this->config('rest.settings')->get('bc_entity_resource_permissions')) {
 return parent::getExpectedUnauthorizedAccessMessage($method);
 }
+
+ if ($method === 'GET') {
+ return "The following permissions are required: 'access content' OR 'administer files'.";
+ }
 if ($method === 'PATCH') {
 return 'You are not authorized to update this file entity.';
 }
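Review bot: The new `switch ($method)` in setUpAuthorization() has no `default` branch, so a method value outside GET/POST/PATCH/DELETE silently grants nothing and the failure only surfaces later as an unexplained 403 in the test; adding `default: throw new \UnexpectedValueException("Unexpected method '$method'.");` makes the precondition explicit. A short comment on why GET needs only 'access content' while the write methods also need 'administer files' would help, e.g. `// Public files are viewable with 'access content'; writes require 'administer files'.` The method is otherwise fully inside the hunk.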
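Review bot: Switching the fixture in createEntity() from `private://` to `public://` (with the matching expectation change in getExpectedNormalizedEntity() in the next hunk) means this test base no longer exercises the private-scheme branch of FileAccessControlHandler, where access appears to depend on entity references and ownership rather than on 'access content'; if no other test covers private files over REST, that is a coverage regression for the more sensitive path. Consider keeping a private-file variant, or at least adding `// Uses the public scheme so the permission-based access rule is what is tested.` so the choice reads as deliberate. createEntity() begins before this hunk and continues after it.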
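Review bot: getExpectedCacheContexts() now returns 'user.permissions' with nothing explaining where the context comes from; a comment such as `// Access to public files is now permission-based, so responses vary by user permissions.` ties it to the access-handler change in this same commit. The method is fully inside the hunk.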
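Review bot: The GET message added in getExpectedUnauthorizedAccessMessage() hard-codes both the permission list and the 'OR' wording generated for FileAccessControlHandler::checkAccess(), so either side can drift without the other noticing; a comment such as `// Must match the permissions checked in FileAccessControlHandler::checkAccess().` tells the next maintainer where to look when the assertion fails. The method begins before this hunk and continues after it.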