X-Git-Url: http://www.aleph1.co.uk/gitweb/?a=blobdiff_plain;ds=sidebyside;f=web%2Fcore%2Fmodules%2Ffile%2Fsrc%2FFileAccessControlHandler.php;fp=web%2Fcore%2Fmodules%2Ffile%2Fsrc%2FFileAccessControlHandler.php;h=e378b648dfb95acad1894c6b6930d8450ed18d37;hb=af6d1fb995500ae68849458ee10d66abbdcfb252;hp=f4bda3cb7d266490ec216fe5c75bf62ff9991a1c;hpb=680c79a86e3ed402f263faeac92e89fb6d9edcc0;p=yaffs-website

diff --git a/web/core/modules/file/src/FileAccessControlHandler.php b/web/core/modules/file/src/FileAccessControlHandler.php
index f4bda3cb7..e378b648d 100644
--- a/web/core/modules/file/src/FileAccessControlHandler.php
+++ b/web/core/modules/file/src/FileAccessControlHandler.php
@@ -22,8 +22,12 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
     /** @var \Drupal\file\FileInterface $entity */
     if ($operation == 'download' || $operation == 'view') {
       if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
-        // Always allow access to file in public file system.
-        return AccessResult::allowed();
+        if ($operation === 'download') {
+          return AccessResult::allowed();
+        }
+        else {
+          return AccessResult::allowedIfHasPermission($account, 'access content');
+        }
       }
       elseif ($references = $this->getFileReferences($entity)) {
         foreach ($references as $field_name => $entity_map) {