In commit be789235303f71c88cfa0337683a1ed83cefe202, the view media, edit media and administer media permissions have been removed. But these permissions are still used/referenced by the media module itself.

  • The install and upgrade code in media.install still tries to grant the view media permission, leading to a PDOException:
    PDOException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column module cannot be null: INSERT INTO {role_permission} (rid, permission, module) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2); Array
    (
         [:db_insert_placeholder_0] => 1
         [:db_insert_placeholder_1] => view media
         [:db_insert_placeholder_2] =>
    )
    in user_role_grant_permissions() (line 3028 of /var/www/drupal/jenkins/modules/user/user.module).
    
  • The upload Media Browser plugin is only available on user_access('administer media') || user_access('edit media').
  • The media_browser_list function protects private files with a check for user_access('administer media').
  • The media_field_widget_form function requires the user_access('edit media') to provide a form widget for a media field.
  • The admin/config/media/browser, 'admin/content/media' and 'media/browser/testbed' paths use 'access arguments' => array('administer media').
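
The mismatch listed above can be caught before install time by comparing the permissions a module declares in hook_permission() with the ones it passes to user_access(), 'access arguments' and user_role_grant_permissions(). The script below is an added example, not part of the original issue or of the media module; the PHP in SAMPLE is constructed, and 'import media' is only a stand-in for a permission that is still declared.

```python
import re

# Constructed sample, not the real media module: one declared permission and
# three references to the permissions the issue says were removed.
SAMPLE = r"""
function media_permission() {
  return array(
    'import media' => array('title' => t('Import media')),
  );
}
function media_install() {
  user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('view media'));
}
function media_menu() {
  $items['admin/content/media'] = array('access arguments' => array('administer media'));
}
function media_field_widget_form() {
  if (!user_access('edit media')) { return array(); }
  return user_access('import media') ? array() : NULL;
}
"""

# Call sites whose string arguments are permission names. 'access arguments'
# only holds permissions when the access callback is the default user_access().
REFERENCE_PATTERNS = [
    r"user_access\(([^)]*)\)",
    r"'access arguments'\s*=>\s*array\(([^)]*)\)",
    r"user_role_grant_permissions\([^,]+,\s*array\(([^)]*)\)",
]

def defined_permissions(src, module):
    """Keys of the array returned by <module>_permission() (heuristic parse)."""
    body = re.search(r"function\s+%s_permission\s*\(\s*\)\s*\{(.*?)^\}"
                     % re.escape(module), src, re.S | re.M)
    return set(re.findall(r"'([^']+)'\s*=>\s*array\(", body.group(1))) if body else set()

def undefined_references(src, module, known=()):
    """Map each referenced-but-undeclared permission to the lines that use it.
    `known` lists permissions declared by other modules (e.g. file_entity)."""
    declared = defined_permissions(src, module) | set(known)
    found = {}
    for lineno, line in enumerate(src.splitlines(), 1):
        for pattern in REFERENCE_PATTERNS:
            for args in re.findall(pattern, line):
                for name in re.findall(r"'([^']+)'", args):
                    if name not in declared:
                        found.setdefault(name, []).append(lineno)
    return found

if __name__ == "__main__":
    print(undefined_references(SAMPLE, "media"))
```

An undeclared name passed to user_access() denies everyone except user 1, and one passed to user_role_grant_permissions() produces the NULL module column shown in the exception above.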

Comments

pbuyle’s picture

Here is a patch that removes the offending code (needed to fix a local Jenkins build).

pbuyle’s picture

Title: PDOException when installing media 7.x-2.x » Removed permisions ares still used in the mdia module itself

pbuyle’s picture

Issue summary: View changes

Removed permissions are still used in media itself.

pbuyle’s picture

Here is a patch that replaces the media permissions with file ones.

idflood’s picture

Status: Active » Needs review
File size: 3.7 KB

I've looked at the patch in #3 and the only problem I had was with the modification of media_update_7008. This patch wasn't applying anymore and it was because this exact update_7008 function has been updated.

In fact, media_update_7200 now already takes care of removing old permissions in the db. So this patch doesn't change anything in update() functions and only replaces the old permissions with new ones.

CarbonPig’s picture

FYI - for others, some of the line numbers were off on patch #4, but I've attached the modified files with the adjusted changes. All files renamed to .txt for uploading purposes to this comment. You'll need to change back to original extensions.

Seems to alleviate problem of permissions not allowing authenticated users to see media fields.

idflood’s picture

Here is a reroll.

idflood’s picture

Title: Removed permisions ares still used in the mdia module itself » Removed permisions are still used in the media module itself

Dave Reid’s picture

Priority: Critical » Major

This should probably be postponed until #1227706: Add a file entity access API as it will yet again change the permission names.

pbuyle’s picture

This is a duplicate of #1295982: Fix permission mismatches between file_entity and media; one of them should be closed.

pbuyle’s picture

Some of the misnamed permissions have already been fixed. For instance two of the three menu items are fixed in http://drupalcode.org/project/media.git/commit/80fc1808219b53af529bbf2a0...

The attached patch fixes the remaining ones in menu_media(), media_field_widget_form() and media_browser_list().

bryancasler’s picture

subscribe

michaelfavia’s picture

Status: Needs review » Reviewed & tested by the community

Patch #10 applies cleanly and fixes permissions for non user1 users. This is needed strongly if we want people testing as it precludes them from using it wholesale unless they are user 1.

Dave Reid’s picture

Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

Issue summary: View changes

typo