X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Ffile%2Fsrc%2FFileAccessControlHandler.php;h=1e6768da645910d8026be13b98e44ce54e51dde9;hb=5b8bb166bfa98770daef9de5c127fc2e6ef02340;hp=e378b648dfb95acad1894c6b6930d8450ed18d37;hpb=af6d1fb995500ae68849458ee10d66abbdcfb252;p=yaffs-website
diff --git a/web/core/modules/file/src/FileAccessControlHandler.php b/web/core/modules/file/src/FileAccessControlHandler.php
index e378b648d..1e6768da6 100644
--- a/web/core/modules/file/src/FileAccessControlHandler.php
+++ b/web/core/modules/file/src/FileAccessControlHandler.php
@@ -52,11 +52,11 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
 // services can be more properly injected.
 $allowed_fids = \Drupal::service('session')->get('anonymous_allowed_file_ids', []);
 if (!empty($allowed_fids[$entity->id()])) {
- return AccessResult::allowed();
+ return AccessResult::allowed()->addCacheContexts(['session', 'user']);
 }
 }
 else {
- return AccessResult::allowed();
+ return AccessResult::allowed()->addCacheContexts(['user']);
 }
 }
 }
@@ -64,11 +64,11 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
 if ($operation == 'delete' || $operation == 'update') {
 $account = $this->prepareUser($account);
 $file_uid = $entity->get('uid')->getValue();
- // Only the file owner can delete and update the file entity.
+ // Only the file owner can update or delete the file entity.
 if ($account->id() == $file_uid[0]['target_id']) {
 return AccessResult::allowed();
 }
- return AccessResult::forbidden();
+ return AccessResult::forbidden('Only the file owner can update or delete the file entity.');
 }
 // No opinion.
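Review bot: In the anonymous branch, a session that does not list the file falls out of the inner `if` without returning, so whatever result the method produces later for that case has been decided from session data but is not tagged with the `session` context that the allowed result now carries. If nothing later in the method can still grant access for that case, an explicit `return AccessResult::neutral()->addCacheContexts(['session', 'user']);` after the inner `if` would keep the negative outcome from being reused across sessions; otherwise the later result needs the same contexts. The enclosing conditions start before this hunk, so this should be confirmed against the full method.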
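Review bot: The owner check for `update`/`delete` returns `AccessResult::allowed()` and `AccessResult::forbidden(...)` with no cache context even though the decision depends on `$account->id()`, unlike the branch in the first hunk that this same commit tags with `user`. For consistency the two returns could become `return AccessResult::allowed()->addCacheContexts(['user']);` and `return AccessResult::forbidden('Only the file owner can update or delete the file entity.')->addCacheContexts(['user']);`, and because the outcome also depends on the file's owner, `->addCacheableDependency($entity)` is worth considering. Separately, the comparison is a loose `==` against `$file_uid[0]['target_id']` with no check that the uid field holds a value; whether an ownerless file can reach this line is not visible here, but a strict comparison after an emptiness check would make the fail-closed behaviour explicit. The method begins before the hunk and continues after it.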
@@ -127,8 +127,6 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
 // create file entities that are referenced from another entity
 // (e.g. an image for a article). A contributed module is free to alter
 // this to allow file entities to be created directly.
- // @todo Update comment to mention REST module when
- // https://www.drupal.org/node/1927648 is fixed.
 return AccessResult::neutral();
 }