.../file/src/Plugin/rest/resource/FileUploadResource.php | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php b/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
index acb2a88..adae53f 100644
--- a/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
+++ b/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php
@@ -3,6 +3,7 @@
 namespace Drupal\file\Plugin\rest\resource;
 use Drupal\Component\Utility\Bytes;
+use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Field\FieldDefinitionInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Utility\Token;
@@ -54,6 +55,11 @@ class FileUploadResource extends ResourceBase {
 protected $serializer;
 /**
+ * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+ */
+ protected $entityTypeManager;
+
+ /**
 * @var \Drupal\Core\Entity\EntityFieldManagerInterface
 */
 protected $entityFieldManager;
@@ -88,6 +94,8 @@ class FileUploadResource extends ResourceBase {
 * A logger instance.
 * @param \Drupal\Core\File\FileSystem $file_system
 * The file system service.
+ * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
+ * The entity type manager.
 * @param \Drupal\Core\Entity\EntityFieldManagerInterface $entity_field_manager
 * The entity field manager.
 * @param \Drupal\Core\Session\AccountInterface $current_user
@@ -98,9 +106,10 @@ class FileUploadResource extends ResourceBase {
 * The token replacement instance.
 *
 */
- public function __construct(array $configuration, $plugin_id, $plugin_definition,$serializer_formats, LoggerInterface $logger, FileSystem $file_system, EntityFieldManagerInterface $entity_field_manager, AccountInterface $current_user, MimeTypeGuesserInterface $mime_type_guesser, Token $token) {
+ public function __construct(array $configuration, $plugin_id, $plugin_definition, $serializer_formats, LoggerInterface $logger, FileSystem $file_system, EntityTypeManagerInterface $entity_type_manager, EntityFieldManagerInterface $entity_field_manager, AccountInterface $current_user, MimeTypeGuesserInterface $mime_type_guesser, Token $token) {
 parent::__construct($configuration, $plugin_id, $plugin_definition, $serializer_formats, $logger);
 $this->fileSystem = $file_system;
+ $this->entityTypeManager = $entity_type_manager;
 $this->entityFieldManager = $entity_field_manager;
 $this->currentUser = $current_user;
 $this->mimeTypeGuesser = $mime_type_guesser;
@@ -118,6 +127,7 @@ public static function create(ContainerInterface $container, array $configuratio
 $container->getParameter('serializer.formats'),
 $container->get('logger.factory')->get('rest'),
 $container->get('file_system'),
+ $container->get('entity_type.manager'),
 $container->get('entity_field.manager'),
 $container->get('current_user'),
 $container->get('file.mime_type.guesser'),
@@ -242,8 +252,7 @@ protected function validateAndLoadFieldDefinition($entity_type_id, $bundle, $fie
 // @todo check the definition is a file field.
 $field_definition = $field_definitions[$field_name];
- // Check access.
- if (!$field_definition->access('create')) {
+ if (!$this->entityTypeManager->getAccessControlHandler($entity_type_id)->fieldAccess('create', $field_definition)) {
 throw new AccessDeniedHttpException(sprintf('Access denied for field "%s"', $field_name));
 }
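Review bot: In the last hunk (`validateAndLoadFieldDefinition`), the operation passed to `fieldAccess()` is `'create'`, while the entity field access API is documented for `'view'` and `'edit'`; access handlers and `hook_entity_field_access()` implementations that only restrict `'edit'` would likely not deny this upload. I would use `fieldAccess('edit', $field_definition, $this->currentUser)` so the check runs against the injected account and the operation that field-level restrictions actually key on. Field access alone also does not establish that the caller may create the host entity, so unless that is checked in the part of the function outside this hunk, pair it with `createAccess($bundle, $this->currentUser)` on the same handler. The `// @todo check the definition is a file field.` context line means the check still runs for non-file fields, which is worth closing before this endpoint accepts uploads.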