Contrib.social

Access denied to published private file if original translation is unpublished

Open on Drupal.org →
Created on 20 June 2017, about 8 years ago
Updated 18 January 2023, over 2 years ago

Problem/Motivation

When trying to access a file that is referenced by a single entity, access is denied if that entity's original translation is unpublished, even if a published translation referencing the same file exists.

Steps to reproduce:

  1. Use a multilingual site with content_translation
  2. Create a translatable entity with a file/image field as unpublished
  3. Create a published translation of the entity
  4. Access the file as guest

Expected result:
File is displayed, because the translation is accessible.

Actual result:
The user receives a 403.

Proposed resolution

Check all translations of the referencing entity and grant file access if at least one translation is accessible. (Field access should still be checked.)

Remaining tasks

Write tests to reproduce the issue.

🐛 Bug report
Status

Needs review

Version

9.5

Component
File system 

Last updated 2 days ago

Created by

🇩🇪Germany ckaotik Berlin

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Status changed to Needs work over 2 years ago
  • Comment over 2 years ago
    🇺🇸United States smustgrave

    For the tests.

  • Comment about 1 month ago
    🇮🇳India mohit_aghera Rajkot

    This is probably the duplicate of #3090998
    The other issue has tests as well.

    I feel we should close this issue and direct efforts to the other issue.

    @herved @Omega_yang
    Can you please try the patch in the #3090998 and see if it solves the issues.

    Closing the issue for now.
    Please re-open again if you feel the mentioned issue doesn't solve the issue.
    If you see anything missing, I can update the patch in the other issues to make it work.

  • Status changed to Closed: duplicate about 1 month ago
  • Comment about 1 month ago
    🇮🇳India mohit_aghera Rajkot
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024