Contrib.social

Allow users to access file entities using the rokka:// stream wrapper

Open on Drupal.org →
Created on 13 February 2022, about 3 years ago
Updated 1 March 2023, about 2 years ago

Problem/Motivation

In the core File module, access to view and download file entities is only granted by default to the public:// stream wrapper. If file entities are created that are configured to use the Rokka stream wrapper, then users don't have access. This prevents editors from working with entities that reference Rokka files.

Steps to reproduce

A quick way to reproduce this is to add a file field to a node type. If the file field is configured to use the public stream wrapper, then editors (and other users with the 'access content' permission) can attach a file and then save / update the node without errors. When the file field is reconfigured to use the Rokka stream wrapper, then when a file is attached the following error occurs when saving / updating the node:

You do not have access to the referenced entity (file: 9835110).

Proposed resolution

We can use the same logic as used in the file module for public files: all users get access to the download operation, but only users with the access content permission get view access on the file entities (ref. \Drupal\file\FileAccessControlHandler::checkAccess()).

API changes

All users will get access to the download operation on file entities. Users with access content permission will get access to the view operation on file entities.

Data model changes

None.

Feature request
Status

Fixed

Version

2.0

Component

Code

Created by

🇧🇬Bulgaria pfrenssen Sofia

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024