Problem/Motivation

In the core File module, access to view and download file entities is only granted by default to the public:// stream wrapper. If file entities are created that are configured to use the Rokka stream wrapper, then users don't have access. This prevents editors from working with entities that reference Rokka files.

Steps to reproduce

A quick way to reproduce this is to add a file field to a node type. If the file field is configured to use the public stream wrapper, then editors (and other users with the 'access content' permission) can attach a file and then save / update the node without errors. When the file field is reconfigured to use the Rokka stream wrapper, then when a file is attached the following error occurs when saving / updating the node:

You do not have access to the referenced entity (file: 9835110).

Proposed resolution

We can use the same logic as used in the file module for public files: all users get access to the download operation, but only users with the access content permission get view access on the file entities (ref. \Drupal\file\FileAccessControlHandler::checkAccess()).

API changes

All users will get access to the download operation on file entities. Users with access content permission will get access to the view operation on file entities.

Data model changes

None.

Issue fork rokka-3264149

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

pfrenssen created an issue. See original summary.

pfrenssen’s picture

pfrenssen
Location Sofia
commented
Issue summary: View changes

pfrenssen opened merge request !12

pfrenssen’s picture

pfrenssen
Location Sofia
commented

The failures are seemingly due to #3259744: PHPUnit 9.5.12 (released 2022-01-21) throws unhandled deprecation notice on "Drupal\Tests\Listeners\DrupalListener" which is recently fixed, but the test ran against Drupal 9.3.0 which does not include the fix. Trying again with the latest version of 9.3.x.

pfrenssen’s picture

pfrenssen
Location Sofia
commented
Status: Active » Needs review

Test green, ready for review!

pfrenssen’s picture

pfrenssen
Location Sofia
commented
pfrenssen’s picture

pfrenssen
Location Sofia
commented

If this is accepted, please credit @didebru who created the initial version of the bugfix.

tcrawford’s picture

tcrawford commented
Status: Needs review » Reviewed & tested by the community

This works. We are using this in the same project that both @pfrenssen and @didebru contribute(d) to.

ayalon made their first commit to this issue’s fork.

ayalon’s picture

ayalon commented

Thanks for the feature and the test. Will be merged in the next version.

  • ayalon committed e5202091 on 2.x authored by pfrenssen 
    Issue #3264149 by pfrenssen, didebru, ayalon, tcrawford: Allow users to...
ayalon’s picture

ayalon commented
Status: Reviewed & tested by the community » Fixed
ayalon’s picture

ayalon commented
Status: Fixed » Closed (fixed)