Contrib.social

Referencing new media requires "administer media" permission

Open on Drupal.org β†’
Created on 3 February 2020, over 4 years ago
Updated 24 March 2024, 2 months ago

Problem/Motivation

Entity configuration:

  1. Install Inline Entity Form
  2. Create a media entity bundle "Media Test"
  3. Add a media reference field to a content type to reference "Media Test" only
  4. Select "Create referenced entities if they don't already exist"
  5. Under "Manage form display" set the widget to "Inline entity form - Simple"

User configuration:

  1. Add a new user
  2. Set relevant permissions for creating the content type and entity type
  3. Set relevant permissions for viewing unpublished and editing the entity types
  4. Do not select "administer media"

Log in as the new user and try to create a new page with reference media. The following error is displayed:

This entity (media: media_test) cannot be referenced.

See Drupal\media\Plugin\EntityReferenceSelection\MediaSelection:

  /**
   * {@inheritdoc}
   */
  public function validateReferenceableNewEntities(array $entities) {
    $entities = parent::validateReferenceableNewEntities($entities);
    // Mirror the conditions checked in buildEntityQuery().
    if (!$this->currentUser->hasPermission('administer media')) {
      $entities = array_filter($entities, function ($media) {
        /** @var \Drupal\media\MediaInterface $media */
        return $media->isPublished();
      });
    }
    return $entities;
  }

Giving the user the permission "administer media" allows the node and referenced media entity to be created. I think it would be preferable for this permission to not be required.

Proposed resolution

Unsure, maybe another permission to check when the user doesn't have "administer media" permission.

Remaining tasks

Either resolve the issue or explain why it's desirable to keep the current behaviour.
Add test coverage

User interface changes

None.

API changes

Unsure.

Data model changes

None.

πŸ› Bug report
Status

Needs work

Version

11.0 πŸ”₯

Component
MediaΒ  β†’

Last updated 1 day ago

Created by

πŸ‡¦πŸ‡ΊAustralia imclean Tasmania

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States Daniel Korte Brooklyn, NY

    I’m changing this to a Bug Report since I would expect this behavior from the view own unpublished media permission, but let me know if I’m wrong here.

    I cleaned things up and addressed comment #12 concerns. Also, I noticed the existing patches don’t apply to the Media Library Grid/Table Widget which also has this issue. I updated the Views config to mirror what is being used on the Media Library admin page with the media_status plugin. Everything appears to be working with the view own unpublished media permission now.

  • Status changed to Needs work 2 months ago
  • Comment 2 months ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue.

    While you are making the above changes, we recommend that you convert this patch to a merge request β†’ . Merge requests are preferred over patches. Be sure to hide the old patch files as well. (Converting an issue to a merge request without other contributions to the issue will not receive credit.)

  • Status changed to Needs review 2 months ago
  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States Daniel Korte Brooklyn, NY
  • Merge request !7167Fix media selection with the 'view own unpublished media' permission β†’ (Open) created by Daniel Korte
  • Pipeline finished with Failed
    2 months ago
    Total: 189s
    #126799
  • Status changed to Needs work 2 months ago
  • Comment 2 months ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

    Consult the Drupal Contributor Guide β†’ to find step-by-step guides for working with issues.

  • Status changed to Needs review 2 months ago
  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States Daniel Korte Brooklyn, NY

    Try again...

  • Pipeline finished with Failed
    2 months ago
    Total: 589s
    #127126
  • Status changed to Needs work 2 months ago
  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Unsure, maybe another permission to check when the user doesn't have "administer media" permission.

    Don't think this matches the solution in the MR

    As a bug will need a failing test case showing the issue.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024