Contrib.social

Error: You do not have access to the referenced entity file.

Open on Drupal.org β†’
Created on 9 November 2018, about 6 years ago
Updated 13 April 2023, over 1 year ago

Hi,

I have a use case where I'm migrating more than 10 years of content and it's images to Drupal which are on the same S3 bucket as the Drupal is using but in other directories outside s3file-public.

So we built an API to receive and create the content on Drupal. The API creates a file entity with the URI pointing to s3://something/old-picture.jpg and then filling the image field on the content it self (field_image).
But when the content is being validated before it saves the entity access enters and there's nothing that allows access for the file entity to be referenced on a content.

After some digging I found out the root cause. The /core/modules/file/src/FileAccessControlHandler.php checks four things:

  1. uri scheme is "public"
  2. the file entity already is being referenced by other content besides the one being created at that time
  3. the file owner is the same as the current user
  4. only the file owner can delete and update the file entity.

and in case none fo them are valid, the access result is neutral, which means that the resulted access is $result->isAllowed() = FALSE and thats why I get the "You do not have access to the referenced entity file." error message.

To solve this issue I think we have two options:

  1. Override the File entity control handler to use one which S3 owns and extends from FileAccessControlHandler class.
  2. Use a simple hook_ENTITY_TYPE_access() and add the missing code.

Since I have to deliver a solution right now, I implemented the second option, using the access hook, but I have doubts about how we should check for permissions, etc...

Any thoughts on this would be very welcome :)

Cheers!

πŸ› Bug report
Status

Closed: works as designed

Version

3.0

Component

Code

Created by

πŸ‡§πŸ‡·Brazil sebas5384

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago β†’
    πŸ‡ͺπŸ‡ΈSpain rcodina Barcelona

    Patch on #11 works like a charm.

  • Comment over 1 year ago β†’
    πŸ‡ΈπŸ‡ΎSyria alsammanKhaled

    I am facing the same error "field_cover_image.0: You do not have access to the referenced entity". but I am not sure if this is happening because of S3 bucket or Feeds module. Can anyone guide me how to debug this to identify the issue?
    I am using:
    Drupal: 9.4.2
    S3: 8.x-3.1

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States astringer

    I had this problem with an authenticate user and user_picture in the public folder.

    The patch did not work, at first. It did work once I changed the storage of the user_picture to private.

    I didn't have time to investigate further, ping me if you anyone wants more details. (And it's strange because it worked a couple of days ago with the public folder, and no patch.).

    Crossing my fingers it holds.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024