Problem/Motivation
While working on #2889855: Unpublished media entity can not be accessed by owner and update any media/delete any media access possibly cached by user, we've noticed a couple of bugs in MediaAccessControlHandler regarding the cache for delete/update access:
- The 'edit own type media' permission is checked and returned before the 'update any media' permission, which causes caching per user when it's not needed
- The 'delete own type media' permission is checked and returned before the 'delete any media' permission, which causes caching per user when it's not needed
- 'edit any type media' does not have the entity as cacheable dependency
- 'delete any type media' does not have the entity as cacheable dependency
Steps to reproduce: Update any media cached by user
1. Create a role with 'edit own $type media' and 'update media' permission
2. Create a user and assign the role created in step 1.
3. Create a media item of $type
4. Log in as the user from step 2
5. Try to edit the media item of step 3
Expected:
The access result is cached per permission.
Actual:
The access result is cached per user.
Steps to reproduce: Delete any media cached by user
1. Create a role with 'delete own $type media' and 'delete media' permission
2. Create a user and assign the role created in step 1.
3. Create a media item of $type
4. Log in as the user from step 2
5. Try to delete the media item of step 3
Expected:
The access result is cached per permission.
Actual:
The access result is cached per user.
Proposed resolution
Fix update/delete access cache issues and add extensive tests for it.
- Make sure the generic 'update any media' / 'edit any $type media' permissions are checked before the user-specific 'update own media' / 'edit own $type media'.
- Make sure the generic 'delete any media' / 'delete any $type media' permissions are checked before the user-specific 'delete own media' / 'delete own $type media'.
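An added example, not the patch or Drupal core code: a plain-PHP model of the update check order described above, showing which cache contexts each order produces for an owner who also holds 'update any media'. The function names and the account/media array shapes are assumptions made for illustration; the `user.permissions` and `user` context names and the `media:ID` tag follow Drupal's conventions.

```php
<?php
// Added plain-PHP model, not Drupal's MediaAccessControlHandler; results list cache contexts/tags.

function result(bool $allowed, array $contexts, array $tags = []): array {
  return ['allowed' => $allowed, 'contexts' => $contexts, 'tags' => $tags];
}

function has(array $account, string $permission): bool {
  return in_array($permission, $account['permissions'], TRUE);
}

// Generic checks: the outcome depends only on the account's permissions.
function anyCheck(array $account, array $media): ?array {
  if (has($account, 'update any media')) {
    return result(TRUE, ['user.permissions']);
  }
  if (has($account, "edit any {$media['bundle']} media")) {
    // The bundle was read from the entity, so the entity is a dependency.
    return result(TRUE, ['user.permissions'], ['media:' . $media['id']]);
  }
  return NULL;
}

// Owner checks: the outcome depends on which user is asking.
function ownCheck(array $account, array $media): ?array {
  $own = has($account, 'update media') || has($account, "edit own {$media['bundle']} media");
  if ($own && $account['uid'] === $media['owner']) {
    return result(TRUE, ['user.permissions', 'user'], ['media:' . $media['id']]);
  }
  return NULL;
}

// Conservative fall-through (a simplification): vary by user and by entity.
function noOpinion(array $media): array {
  return result(FALSE, ['user.permissions', 'user'], ['media:' . $media['id']]);
}

function updateAccessOwnFirst(array $account, array $media): array {
  return ownCheck($account, $media) ?? anyCheck($account, $media) ?? noOpinion($media);
}
function updateAccessAnyFirst(array $account, array $media): array {
  return anyCheck($account, $media) ?? ownCheck($account, $media) ?? noOpinion($media);
}

// Constructed sample: the owner also holds the generic permission.
$account = ['uid' => 2, 'permissions' => ['edit own image media', 'update any media']];
$media = ['id' => 7, 'bundle' => 'image', 'owner' => 2];
echo implode(', ', updateAccessOwnFirst($account, $media)['contexts']), PHP_EOL;
echo implode(', ', updateAccessAnyFirst($account, $media)['contexts']), PHP_EOL;
```

Both orders grant access here; only the own-first order adds the `user` context, so its result cannot be shared between users holding the same permissions.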