authorAlex Pott2015-08-18 23:50:50 (GMT)
committerAlex Pott2015-08-18 23:50:50 (GMT)
commit7b91c7fec2fc250c8f472fa00a9ebad657735082 (patch)
treed1de411340a4e4033d6c6eebb723189a188df4f4
parent55f6f4259b7e0db8f1263b234fccb6c458ca7f20 (diff)
Issue #2533978 by Denchev, Dave Reid, legolasbo, Berdir: $entity->access('view|download') for unattached public files returns FALSE
-rw-r--r--core/modules/file/src/FileAccessControlHandler.php9
-rw-r--r--core/modules/file/src/Tests/FileManagedAccessTest.php73
2 files changed, 79 insertions, 3 deletions
diff --git a/core/modules/file/src/FileAccessControlHandler.php b/core/modules/file/src/FileAccessControlHandler.php
index 2e336af..f6f4a46 100644
--- a/core/modules/file/src/FileAccessControlHandler.php
+++ b/core/modules/file/src/FileAccessControlHandler.php
@@ -22,10 +22,13 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
-
+ /** @var \Drupal\file\FileInterface $entity */
if ($operation == 'download' || $operation == 'view') {
- $references = $this->getFileReferences($entity);
- if ($references) {
+ if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
+ // Always allow access to file in public file system.
+ return AccessResult::allowed();
+ }
+ elseif ($references = $this->getFileReferences($entity)) {
foreach ($references as $field_name => $entity_map) {
foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
/** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
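Review bot: The new `public` branch returns `AccessResult::allowed()` for both `'view'` and `'download'` before `getFileReferences()` is consulted, so entity-level view access to a public file no longer depends on the account or on any referencing entity. The bytes of a public file are normally reachable without an access check anyway, but `'view'` may also gate the file entity's metadata (owner, filename, status) for callers outside this hunk. Consider keeping download open and tying view to a permission, e.g. `return $operation === 'download' ? AccessResult::allowed() : AccessResult::allowedIfHasPermission($account, 'access content');`. The scheme lookup also uses the static `\Drupal::service('file_system')` call, and injecting the service would let the handler be tested in isolation. checkAccess() continues past the end of the hunk.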
diff --git a/core/modules/file/src/Tests/FileManagedAccessTest.php b/core/modules/file/src/Tests/FileManagedAccessTest.php
new file mode 100644
index 0000000..73c1acc
--- /dev/null
+++ b/core/modules/file/src/Tests/FileManagedAccessTest.php
@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\file\Tests\FileManagedAccessTest.
+ */
+
+namespace Drupal\file\Tests;
+
+use Drupal\file\Entity\File;
+
+/**
+ * Tests access to managed files.
+ *
+ * @group file
+ */
+class FileManagedAccessTest extends FileManagedTestBase {
+
+ /**
+ * Tests if public file is always accessible.
+ */
+ function testFileAccess() {
+ // Create a new file entity.
+ $file = File::create(array(
+ 'uid' => 1,
+ 'filename' => 'drupal.txt',
+ 'uri' => 'public://drupal.txt',
+ 'filemime' => 'text/plain',
+ 'status' => FILE_STATUS_PERMANENT,
+ ));
+ file_put_contents($file->getFileUri(), 'hello world');
+
+ // Save it, inserting a new record.
+ $file->save();
+
+ // Create authenticated user to check file access.
+ $account = $this->createUser(array('access site reports'));
+
+ $this->assertTrue($file->access('view', $account), 'Public file is viewable to authenticated user');
+ $this->assertTrue($file->access('download', $account), 'Public file is downloadable to authenticated user');
+
+ // Create anonymous user to check file access.
+ $account = $this->createUser()->getAnonymousUser();
+
+ $this->assertTrue($file->access('view', $account), 'Public file is viewable to anonymous user');
+ $this->assertTrue($file->access('download', $account), 'Public file is downloadable to anonymous user');
+
+ // Create a new file entity.
+ $file = File::create(array(
+ 'uid' => 1,
+ 'filename' => 'drupal.txt',
+ 'uri' => 'private://drupal.txt',
+ 'filemime' => 'text/plain',
+ 'status' => FILE_STATUS_PERMANENT,
+ ));
+ file_put_contents($file->getFileUri(), 'hello world');
+
+ // Save it, inserting a new record.
+ $file->save();
+
+ // Create authenticated user to check file access.
+ $account = $this->createUser(array('access site reports'));
+
+ $this->assertFalse($file->access('view', $account), 'Private file is not viewable to authenticated user');
+ $this->assertFalse($file->access('download', $account), 'Private file is not downloadable to authenticated user');
+
+ // Create anonymous user to check file access.
+ $account = $this->createUser()->getAnonymousUser();
+
+ $this->assertFalse($file->access('view', $account), 'Private file is not viewable to anonymous user');
+ $this->assertFalse($file->access('download', $account), 'Private file is not downloadable to anonymous user');
+ }
+}
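Review bot: `testFileAccess()` covers only unattached files and accounts that do not own them. It therefore does not pin down what the handler change means for a public file referenced by an entity the account cannot view, nor whether the owner of the private file (uid 1 here) keeps access. Adding those cases would record the intended access decision instead of leaving it implicit. The method is also declared without visibility, which `public function testFileAccess() {` would make explicit. Asserting the result of the two `file_put_contents()` calls would keep a failed write from surfacing as a misleading access failure.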