Updated to Drupal 8.5. Core Media not yet in use.

[yaffs-website] / web / core / modules / media / src / MediaAccessControlHandler.php

diff --git a/web/core/modules/media/src/MediaAccessControlHandler.php b/web/core/modules/media/src/MediaAccessControlHandler.php
index 434abfe7193aed91935a84f4849d7968e7675bb7..d4203728e55e952a663d24b00da2ff8e1a67831a 100644 (file)
--- a/web/core/modules/media/src/MediaAccessControlHandler.php
+++ b/web/core/modules/media/src/MediaAccessControlHandler.php
@@ -8,7 +8,7 @@ use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Session\AccountInterface;
 
 /**
- * Defines an access control handler for the media entity.
+ * Defines an access control handler for media items.
  */
 class MediaAccessControlHandler extends EntityAccessControlHandler {
 
@@ -20,6 +20,7 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
       return AccessResult::allowed()->cachePerPermissions();
     }
 
+    $type = $entity->bundle();
     $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
     switch ($operation) {
       case 'view':
@@ -32,22 +33,38 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
         return $access_result;
 
       case 'update':
+        if ($account->hasPermission('edit any ' . $type . ' media')) {
+          return AccessResult::allowed()->cachePerPermissions();
+        }
+        if ($account->hasPermission('edit own ' . $type . ' media') && $is_owner) {
+          return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
+        }
+        // @todo Deprecate this permission in
+        // https://www.drupal.org/project/drupal/issues/2925459.
         if ($account->hasPermission('update any media')) {
           return AccessResult::allowed()->cachePerPermissions();
         }
-        return AccessResult::allowedIf($account->hasPermission('update media') && $is_owner)
-          ->cachePerPermissions()
-          ->cachePerUser()
-          ->addCacheableDependency($entity);
+        if ($account->hasPermission('update media') && $is_owner) {
+          return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
+        }
+        return AccessResult::neutral()->cachePerPermissions();
 
       case 'delete':
+        if ($account->hasPermission('delete any ' . $type . ' media')) {
+          return AccessResult::allowed()->cachePerPermissions();
+        }
+        if ($account->hasPermission('delete own ' . $type . ' media') && $is_owner) {
+          return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
+        }
+        // @todo Deprecate this permission in
+        // https://www.drupal.org/project/drupal/issues/2925459.
         if ($account->hasPermission('delete any media')) {
           return AccessResult::allowed()->cachePerPermissions();
         }
-        return AccessResult::allowedIf($account->hasPermission('delete media') && $is_owner)
-          ->cachePerPermissions()
-          ->cachePerUser()
-          ->addCacheableDependency($entity);
+        if ($account->hasPermission('delete media') && $is_owner) {
+          return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
+        }
+        return AccessResult::neutral()->cachePerPermissions();
 
       default:
         return AccessResult::neutral()->cachePerPermissions();
@@ -58,7 +75,12 @@ class MediaAccessControlHandler extends EntityAccessControlHandler {
    * {@inheritdoc}
    */
   protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
-    return AccessResult::allowedIfHasPermissions($account, ['administer media', 'create media'], 'OR');
+    $permissions = [
+      'administer media',
+      'create media',
+      'create ' . $entity_bundle . ' media',
+    ];
+    return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
   }
 
 }