FindMedia query

[rflorent]

Q	A
Bug?	maybe
New Feature?	no
Sulu Version	1.6.12
Browser Version	Firefox

Actual Behavior

When using the findeMedia method of the media repository, there an automatic filter on ids.
It will query media ids and use them to filter the main query, if ids is not set or null.
https://github.com/sulu/sulu/blob/develop/src/Sulu/Bundle/MediaBundle/Entity/MediaRepository.php#L151

This getIds query don't apply the collection access control and will return ids regardless from permission.
For example, have 2 collections, one with no user permissions, one with a user view permission.
I want to get a paginated list of ten medias available, the getIds query will return ten media ids of the 'no permission' collection, and will be used as filter by the findMedia query.
FindMedia query will apply a access control condition, and there will be no result because user has no rights to see these ten medias.

Expected Behavior

The FindMedia method should return only available media for the user.

Steps to Reproduce

Create 2 collections, one with no permission, one with a view permission, add 10 medias on each.
Excecute the get method of the mediamanager with a ten media limit, There will be no results.

Possible Solutions

Add the access control condition as optional to the getIds method

[danrot]

Just to be sure: I have tried to reproduce the error with the following steps, do you think that this is the same issue?

1. Create a new collection
2. Upload one media to this collection
3. Remove all permissions from this collection
4. Go to the root of the media section where all medias are shown
5. The media uploaded in the now secured collection is still visible

This would be a little bit easier for us to reproduce than having such a high number of media to test that.

[danrot]

Just tested it again, seems to be fixed.