I'm using permissions_by_entity to control access to media and files. Some media and their files need to be restricted for a period of time and then eventually released. I was hoping to use the
file_access_fix module β
to move the files from the private filesystem to the public filesystem when I remove the 'Staff Only' term from the media.
However, with the file_access_fix module enabled, it was automatically pushing my restricted media's files to the public filesystem. What happens is that, on a Media insert or update, it checks the permissions of the Media to see if Anonymous has access. If so, it moves the files to the public filesystem. ALL of my media were returning TRUE on this check, causing the files to be moved, even when they had the 'Staff Only' term applied to the media.
After some liberal use of logging statements, I discovered that permissions_by_entity would ALWAYS return true when checking for Anonymous user access during the hook_media_update or hook_media_presave, even if it would normally deny access to the Media and files.
To reproduce:
- Enable permissions_by_entity
- Create an 'Admin Only' term and only permit admin role access in the usual way
- Create a new Media entity with a file in the private filesystem
- View the media as an Anonymous user, it should render as expected.
- Apply the 'Admin Only' term to the media and save
- Attempt to view the Media and/or file as Anonymous user to find that access is denied (as expected).
- Create a local module 'example' with an example_media_update function to log Anon's access to the Media and enable it. E.g. :
use Drupal\user\Entity\User;
function example_media_update(Drupal\Core\Entity\EntityInterface $entity) {
$hasAccess = ($entity->access('view', User::getAnonymousUser())) ? 'TRUE' : 'FALSE';
\Drupal::logger('example')->debug('Media update access for Annon: '.$hasAccess);
}
- Change a field on the Media (e.g. the alt text for an image or the media label) and save it.
- Check the logs, you will find an entry stating "Media update access for Annon: TRUE" even though the Anonymous user still can't access the media.
This also happens when using other hooks such as hook_entity_view. I would expect that the access check when provided a specific user account would be consistent, but it appears that if the Admin user check's the Anonymous User's access, it always returns true.