-
LOBsTerr β
committed d931984b on 8.x-2.x authored by
Ludo.R β
Issue #3238469 by Ludo.R, LOBsTerr: Groupmedia is not checking group...
-
LOBsTerr β
committed d931984b on 8.x-2.x authored by
Ludo.R β
- Status changed to Fixed
over 1 year ago 1:52pm 2 March 2023 Automatically closed - issue fixed for 2 weeks with no activity.
- Status changed to Fixed
over 1 year ago 10:11am 27 March 2023 - π©πͺGermany Hydra
Is there a particular reason that this has not been fixed for 4.0.x as well?
- π©πͺGermany Hydra
nvm - I see it has been adjusted to group_relationship, but still the upload does not work in media library modal without the global permission "create media" - I will open a new issue for that.
- π§πͺBelgium LOBsTerr
@Hydra, it has been done already. Check the latest release. I was working on the release porting some commits from 2 version to 3 and then to 4 version and it took me some time
https://git.drupalcode.org/project/groupmedia/-/commit/d3c65fd13fa05c0940b754f0b9743ad10c5f234f
- π©πͺGermany Hydra
Yeah I stumbled on this. I think we need to add an additional AccessControlHandler on the Media entity in order to allow the upload via media library modal (not on the relationship create form itself)
- π§πͺBelgium LOBsTerr
Yes, I can do it later. For the moment. I just decided to port as it is.
- π§πͺBelgium msnassar
Hello @Hydra and @LOBsTerr
We have encountered the same issue on a website. We have fixed the issue locally. But now as we need do to the same for new website, I have created a contrib module Group Media Library β . The module comes with some useful sub-modules: integration with the groupmedia, a fix for https://www.drupal.org/project/group/issues/3071489 π Incorrect Access Check on Media Library RTBC , and media tracker for media library...
- π§πͺBelgium msnassar
@LOBsTerr @Ludo.R
I started to update groupmedia module from 8.x-2.0-alpha11 to 8.x-2.0-rc2 for a website.
As I understand from #5, the patch, is not fixing the media library issue. But the access to media for the entity.group_content.group_media_add_page route (/group/1/media). Anyway, I wonder if the patch in #5 is the write way to fix the issue with the route (/group/1/media):
- If a website has a custom access handler for checking the access, the custom access handler won't be taken into consideration as the patch is just checking the access using group permissions. I think - the best way - is to fix the issue in the group module (this is because the same issue is happening with other entity types e.g. nodes). This has been already fixed in group 2 and 3 (See next point)
- As mentioned in #12: The same patch has been used for version 3 and 4. Do we still need this for version 3 and 4? Group module version 2 and 3 do check the access already here https://git.drupalcode.org/project/group/-/blob/3.0.x/src/Entity/Control.... This is not the case with group 1. See here https://git.drupalcode.org/project/group/-/blob/8.x-1.x/src/Entity/Contr...