Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In commit be789235303f71c88cfa0337683a1ed83cefe202, the view media
, edit media
and administer media
permissions have been removed. But these permissions are still used/referenced by the media module itself.
- The install and upgrade code In media.install still try to grant the
view media
permission, leading to a PDOException:
PDOException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column module cannot be null: INSERT INTO {role_permission} (rid, permission, module) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2); Array ( [:db_insert_placeholder_0] => 1 [:db_insert_placeholder_1] => view media [:db_insert_placeholder_2] => ) in user_role_grant_permissions() (line 3028 of /var/www/drupal/jenkins/modules/user/user.module).
- The
upload
Media Browser plugin is only available onuser_access('administer media') || user_access('edit media')
. - The
media_browser_list
function protects private files with a check foruser_access('administer media')
. - The
media_field_widget_form
function requires theuser_access('edit media')
to provide a form widget for a media field. - The
admin/config/media/browser
,'admin/content/media'
and'media/browser/testbed'
paths use'access arguments' => array('administer media')
.
Comment | File | Size | Author |
---|---|---|---|
#10 | rename_permission_in_media-1290734-10.patch | 2.14 KB | pbuyle |
#6 | media_file_permissions-1290734-6.patch | 3.81 KB | idflood |
#5 | media.browser.inc_.txt | 13.13 KB | CarbonPig |
#5 | media.fields.inc_.txt | 15.73 KB | CarbonPig |
#5 | media.module.txt | 34.88 KB | CarbonPig |
Comments
Comment #1
pbuyle CreditAttribution: pbuyle commentedHeres is a patch That removes the offending code (needed to fix a local Jenkins build).
Comment #2
pbuyle CreditAttribution: pbuyle commentedComment #2.0
pbuyle CreditAttribution: pbuyle commentedRemoved permissions are still used in media itself.
Comment #3
pbuyle CreditAttribution: pbuyle commentedHere is a patch that replace the media permissions with file ones.
Comment #4
idflood CreditAttribution: idflood commentedI've looked at the patch in #3 and the only problem I had was with the modification of media_update_7008. This patch wasn't applying anymore and it was because this exact update_7008 function has been updated.
In fact now media_update_7200 already take care of removing old permissions in the db. So this patch don't change anything in update() functions and only replace the old permissions with new ones.
Comment #5
CarbonPig CreditAttribution: CarbonPig commentedFYI - for others, some of the line numbers were off on patch #4, but I've attached the modified files with the adjusted changes. All files renamed to .txt for uploading purposes to this comment. You'll need to change back to original extensions.
Seems to alleviate problem of permissions not allowing authenticated users to see media fields.
Comment #6
idflood CreditAttribution: idflood commentedhere is a reroll
Comment #7
idflood CreditAttribution: idflood commentedComment #8
Dave ReidThis should probably be postponed until #1227706: Add a file entity access API as it will yet again change the permission names.
Comment #9
pbuyle CreditAttribution: pbuyle commentedThis is a duplicate of #1295982: Fix permission mismatches between file_entity and media, on of them should be closed.
Comment #10
pbuyle CreditAttribution: pbuyle commentedSome of the misnamed permissions have already been fixed. For instance two of the three menu items are fixed in http://drupalcode.org/project/media.git/commit/80fc1808219b53af529bbf2a0...
The attached patch fixes the remaining ones in menu_media(), media_field_widget_form() and media_browser_list().
Comment #11
bryancasler CreditAttribution: bryancasler commentedsubscribe
Comment #12
michaelfavia CreditAttribution: michaelfavia commentedPatch #10 applies cleanly and fixes permissions for non user1 users. This is needed strongly if we want people testing as it precludes them from using it wholesale unless they are user 1.
Comment #13
Dave ReidCommitted #10 to Git. Thanks!
http://drupalcode.org/project/media.git/commit/42676ad
Comment #14.0
(not verified) CreditAttribution: commentedtypo