Voting starts in March for the Drupal Association Board election.
The entity:file resource needs an access controller in order to be able to view file entities through the REST module.
1. On a clean Drupal installation, Enable rest module.
2. Add a file filed to the page content type and create a page adding a file to it.
3. Enable node and file REST resources and give permissions to anonymous users to access GET method on these two.
4. Request http://d8.local/entity/node/1 >> you will get the page node, which contains the file entity.
5. Request http://d8.local/entity/file/1 >> you will get a 403 error.
This happens because the file entity uses EntityAccessController->checkAccess(), which simply looks for the permission 'administer files'.
Should we add more fine grained permissions for entities in the rest module?
FAILED: [[SimpleTest]]: [MySQL] 63,334 pass(es), 1 fail(s), and 0 exception(s). View
FAILED: [[SimpleTest]]: [PHP 5.4 MySQL] Unable to apply patch 2128791-32.patch. Unable to apply patch. See the log in the details link for more information. View
PASSED: [[SimpleTest]]: [MySQL] 60,043 pass(es). View
FAILED: [[SimpleTest]]: [MySQL] 59,898 pass(es), 1 fail(s), and 0 exception(s). View