diff --git a/core/modules/media_library/src/MediaLibraryUiBuilder.php b/core/modules/media_library/src/MediaLibraryUiBuilder.php
index b00bd7af9415361ce906125dbd9d53a6e8467857..fb5d5c41c05d0b79329d3705df241e27b27a922b 100644
--- a/core/modules/media_library/src/MediaLibraryUiBuilder.php
+++ b/core/modules/media_library/src/MediaLibraryUiBuilder.php
@@ -285,7 +285,11 @@ protected function buildMediaTypeMenu(MediaLibraryState $state) {
protected function buildMediaTypeAddForm(MediaLibraryState $state) {
$selected_type_id = $state->getSelectedTypeId();
- if (!$this->entityTypeManager->getAccessControlHandler('media')->createAccess($selected_type_id)) {
+ $access_handler = $this->entityTypeManager->getAccessControlHandler('media');
+ $context = [
+ 'media_library_state' => $state,
+ ];
+ if (!$access_handler->createAccess($selected_type_id, NULL, $context)) {
return [];
}
diff --git a/core/modules/media_library/tests/modules/media_library_test/media_library_test.module b/core/modules/media_library/tests/modules/media_library_test/media_library_test.module
index 6c001f977138501ead2b01f71850a2bb078aeae0..20a285d53cac767d820c3c77ca3cf5005a74adf5 100644
--- a/core/modules/media_library/tests/modules/media_library_test/media_library_test.module
+++ b/core/modules/media_library/tests/modules/media_library_test/media_library_test.module
@@ -11,6 +11,18 @@
use Drupal\Core\Session\AccountInterface;
use Drupal\media_library_test\Form\TestNodeFormOverride;
+/**
+ * Implements hook_ENTITY_TYPE_create_access().
+ */
+function media_library_test_media_create_access(AccountInterface $account, array $context, $entity_bundle) {
+ if (isset($context['media_library_state'])) {
+ /** @var \Drupal\media_library\MediaLibraryState $state */
+ $state = $context['media_library_state'];
+ return AccessResult::forbiddenIf($state->getSelectedTypeId() === 'deny_access');
+ }
+ return AccessResult::neutral();
+}
+
/**
* Implements hook_entity_field_access().
*/
diff --git a/core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php b/core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php
index 5101c3f6b97ac1d07098b595d3bdea00a5ad582f..6db18eb9c3b197cc78c241adb5069761708998ac 100644
--- a/core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php
+++ b/core/modules/media_library/tests/src/Kernel/MediaLibraryAccessTest.php
@@ -11,6 +11,7 @@
use Drupal\image\Entity\ImageStyle;
use Drupal\KernelTests\KernelTestBase;
use Drupal\media_library\MediaLibraryState;
+use Drupal\Tests\media\Traits\MediaTypeCreationTrait;
use Drupal\Tests\user\Traits\UserCreationTrait;
use Drupal\views\Views;
@@ -22,6 +23,7 @@
class MediaLibraryAccessTest extends KernelTestBase {
use UserCreationTrait;
+ use MediaTypeCreationTrait;
/**
* {@inheritdoc}
@@ -368,6 +370,34 @@ public function testViewAccess() {
$this->assertAccess($access_result, FALSE, 'The media library view does not exist.');
}
+ /**
+ * Tests that the media library respects arbitrary access to the add form.
+ */
+ public function testAddFormAccess(): void {
+ // Access is denied if the media library is trying to create media whose
+ // type name is 'deny_access'. Also create a second media type that we *can*
+ // add, so we can be certain that the add form is otherwise visible.
+ // @see media_library_test_media_create_access()
+ $media_types = [
+ $this->createMediaType('image', ['id' => 'deny_access'])->id(),
+ $this->createMediaType('image')->id(),
+ ];
+
+ $account = $this->createUser(['create media']);
+ $this->setCurrentUser($account);
+
+ /** @var \Drupal\media_library\MediaLibraryUiBuilder $ui_builder */
+ $ui_builder = $this->container->get('media_library.ui_builder');
+
+ $state = MediaLibraryState::create('test', $media_types, $media_types[0], 1);
+ $build = $ui_builder->buildUi($state);
+ $this->assertEmpty($build['content']['form']);
+
+ $state = MediaLibraryState::create('test', $media_types, $media_types[1], 1);
+ $build = $ui_builder->buildUi($state);
+ $this->assertNotEmpty($build['content']['form']);
+ }
+
/**
* Asserts various aspects of an access result.
*