I'm using the latest dev version of the Media Entity and would like to know how one would secure files on a per-user-role basis?

The use case is as follows. In a corporate intranet, users with different roles are uploading files into the media management section. Some of those files should not be visible to all users (roles). Is there a way to connect the media with any access control layer to filter, for example, entity reference view lists and such based on the current user's role?

Is there any other way to restrict access to media?

Comments

mikewink created an issue.

slashrsm:

Category: Support request » Feature request
Issue tags: +D8Media

Media entity currently doesn't support such fine-grained access control. Would be a nice feature, though.

Berdir:

It doesn't have an access grant system, but entity queries and afaik also views *do* have a generic entity query alter hook. hook_query_media_entity_access_alter(AlterableInterface $query) should work and you should be able to add additional conditions. Not exactly easy, but you could try to do a join through the user and his role assignments or explicitly store something on a configurable field and join/filter on that.
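A sketch of the "store something on a configurable field and filter on that" approach from the comment above, added here as an example and not code from the Media Entity project or the thread participants. Assumptions: a module named mymodule, a field field_allowed_roles (entity reference to user_role) on media, a permission named "bypass media role restriction", and the media tables "media" and "media_field_data" keyed by mid. The hook name is used as written in the comment; core builds the query tag as the entity type ID plus "_access", so the function name has to match the media entity type's ID on your site.

```php
<?php

use Drupal\Core\Database\Query\AlterableInterface;
use Drupal\Core\Database\Query\SelectInterface;

/**
 * Implements hook_query_TAG_alter(), using the hook name from the thread.
 *
 * Hides media restricted to roles the current user does not hold.
 */
function mymodule_query_media_entity_access_alter(AlterableInterface $query) {
  if (!$query instanceof SelectInterface) {
    return;
  }
  $account = \Drupal::currentUser();
  // Hypothetical permission for users allowed to list every media item.
  if ($account->hasPermission('bypass media role restriction')) {
    return;
  }

  // Entity queries and Views alias the media tables differently, so look the
  // alias up. Assumed table names: "media" and "media_field_data", keyed by mid.
  $media_alias = NULL;
  foreach ($query->getTables() as $table) {
    if (in_array($table['table'], ['media', 'media_field_data'], TRUE)) {
      $media_alias = $table['alias'];
      break;
    }
  }
  if ($media_alias === NULL) {
    return;
  }

  // Assumed field: field_allowed_roles, an entity reference to user_role.
  // A media item with no value in it stays visible to everyone.
  $db = \Drupal::database();
  $restricted = $db->select('media__field_allowed_roles', 'r')
    ->fields('r', ['entity_id']);
  $allowed = $db->select('media__field_allowed_roles', 'a')
    ->fields('a', ['entity_id'])
    ->condition('a.field_allowed_roles_target_id', $account->getRoles(), 'IN');

  // Keep rows that are unrestricted OR restricted to one of the user's roles.
  $query->condition($query->orConditionGroup()
    ->condition("$media_alias.mid", $restricted, 'NOT IN')
    ->condition("$media_alias.mid", $allowed, 'IN'));
}
```

A query alter only filters listings built from access-checked entity queries and Views; it does not stop a user from opening a media entity page directly or fetching the underlying file by URL. Entity-level access (for example hook_ENTITY_TYPE_access()) and private file storage are still needed to enforce the same rule on those paths.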