Contrib.social

Add test coverage for CONTRIB-2014-015

Open on Drupal.org →
Created on 6 March 2015, about 10 years ago
Updated 5 May 2025, 25 days ago

Problem/Motivation

CONTRIB-2014-015 was covering access to files where the user had access to the current version but the file was attached to an earlier revision.
We don't have this issue in D8 core but we should add explicit test coverage for it to prevent any regressions.

Proposed resolution

Add tests
Steps to test:

  • Write a dummy access-control handler that prevents access to all revisions of a node other than the current one
  • Create a content type with a file field.
  • Create a node and attach a file.
  • Create a new revision of that node and remove the file from the file field.
  • The file is still referenced by the first revision.
  • Ensure the user has access to the current revision.
  • Ensure the user does not have access to the past revision.
  • Ensure the user does not have access to the file.

Remaining tasks

Patch
Review

User interface changes

None

API changes

None

Beta phase evaluation

📌 Task
Status

Active

Version

11.0 🔥

Component

file.module

Created by

🇦🇺Australia larowlan 🇦🇺🏝.au GMT+10

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024