Access denied to published private file if original translation is unpublished

Created on 20 June 2017, over 7 years ago

Updated 14 February 2023, almost 2 years ago

Problem/Motivation

When trying to access a file that is referenced by a single entity, access is denied if that entity's original translation is unpublished, even if a published translation referencing the same file exists.

Steps to reproduce:

Use a multilingual site with content_translation
Create a translatable entity with a file/image field as unpublished
Create a published translation of the entity
Access the file as guest

Expected result:
File is displayed, because the translation is accessible.

Actual result:
The user receives a 403.

Proposed resolution

Check all translations of the referencing entity and grant file access if at least one translation is accessible. (Field access should still be checked.)

Remaining tasks

Write tests to reproduce the issue.

🐛 Bug report

Status

Needs work

Version

9.5

Component

File system →

Last updated about 3 hours ago

Maintained by
🇦🇺Australia @kim.pepper

Created by

🇩🇪Germany ckaotik Berlin

Live updates comments and jobs are added and updated live.

Needs tests
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Needs Review Queue Initiative
Used to track the progress of issues reviewed by the Drupal Needs Review Queue Initiative.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Status changed to Needs work almost 2 years ago4:37pm 14 February 2023
Comment almost 2 years ago →
🇺🇸United States smustgrave
For the tests.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024