Contrib.social

MediaLibraryFieldWidgetOpener is too opinionated

Open on Drupal.org β†’
Created on 14 December 2022, over 2 years ago
Updated 21 February 2023, over 2 years ago

Problem/Motivation

media_library.api.php states that while the media library itself is very opinionated, the openers act as a bridge between the system and the library: "An opener is a "bridge" between the opinionated media library modal dialog and whatever is consuming it"

Yet when you look into MediaLibraryFieldWidgetOpener, it is still very opinionated about where it's being used when it comes to access. This has lead to several bug reports so far and it's likely to keep leading to bug reports as implementing code changes on the access level because the opener should frankly not be assuming anything about access checks. Some examples:

Proposed resolution

Simply remove the access checks from the opener. If you're on an entity form using the media library, you obviously have access to be on said form. The media library should then only check for access to the media library. If we stop double-confirming whether you should actually be on the form, all of these bug reports go away.

Remaining tasks

Remove the access checking logic altogether.

API changes

Remove the access checking logic altogether.

πŸ› Bug report
Status

Active

Version

10.1 ✨

Component
MediaΒ  β†’

Last updated about 3 hours ago

Created by

πŸ‡§πŸ‡ͺBelgium kristiaanvandeneynde Antwerp, Belgium

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 2 years ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jeffm2001

    I ran into an issue around this as well, and while I tend to agree it's too opinionated, I did find the original discussion of why these checks were added. It seems like useful context to have, if nothing else.

    #3038254: Delegate media library access to the "thing" that opened the library β†’ starting around comment 62

  • Comment 6 days ago β†’
    πŸ‡ΈπŸ‡ͺSweden erik.erskine

    We've come up against two cases where a user should quite legitimately be able to use the media library but does not have the create access: group and layout builder.

    I am interested in why checkAccess exists at all. As far as I can tell, it doesn't add anything useful. Especially given that while MediaLibraryFieldWidgetOpener considers the entity/bundle you're working on, MediaLibraryEditorOpener (used for ckeditor-added media) does not, and in fact does not even know what the entity/bundle are.

    As a workaround, we have created the Media library unrestricted access β†’ sandbox module. It defines a unrestricted access to the media library permission and bypasses the createAccess check if the user has that permission. It's one stop short of the change this issue proposes, but could be a useful workaround in the meantime.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024