Contents of file fields in storage entities not viewable without permissions for "View published Storage entities"

Created on 11 July 2024, 5 months ago

Problem/Motivation

I would like non-admin roles that should not be able to edit storage entities to be able to view the contents of file fields. Clicking on either a manual link from rewriting the field via the url formatter or from the generic file formatter leads to a permission denied page without checking "View published Storage entities" for a role (I've tried https://www.drupal.org/project/private_files_download_permission β†’ and https://www.drupal.org/project/field_permissions β†’ to try and override this). Note that all other field types work normally in views.

Due to https://www.drupal.org/project/storage/issues/3457737 πŸ› If displaying a rendered entity in a view, role must have edit permissions to avoid fatal memory exhaustion. Active if I allow a role to view published storage entities without edit permissions for them, it leads to a white screen of death.

Steps to reproduce

Add a file field to a storage entity type
Upload a file to an entity
Try to view that file with a role that does not have edit access to that file

TBH the redirect behaviour in this module seems to be causing issues, I wouldn't mind just having to manually set up rabbit hole or something.

πŸ› Bug report
Status

Active

Version

1.3

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States erutan

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024