Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
If you run a site with modules also implementing hook_file_entity_access()
and you want to restrict access to files without specifically returning FILE_ENTITY_ACCESS_DENY this is impossible with the commerce_file module enabled.
This is because commerce_file_file_entity_access()
too easily grands access to files which aren't licensed.
Proposed resolution
Check earlier in commerce_file_file_entity_access()
if the file is licensable, to be able to return FILE_ENTITY_ACCESS_IGNORE when the file is not licensable.
Comment | File | Size | Author |
---|---|---|---|
#1 | commerce_file-file_entity_access_ignore-2539122-1.patch | 709 bytes | dmsmidt |
Comments
Comment #1
dmsmidtAnd a patch fixing this issue.