Using the new Media UI, we can use nested collections to have a folder-like file management. In this case, if an asset is placed in a "sub asset collection" that is not covered by a privilege, it is available to all users. It also leads to an error described at https://github.com/Flowpack/media-ui/issues/231.
Requirement
In my opinion, we need a new privilege or matcher that checks permissions recursively. So if an Asset is in a collection being a parent of a protected collection (e.g. "Corporate" as in the example above), permission should be denied.
In absence of better alternatives, Asset Collections are used to provide separate file management in a multi-site installation. Example:
Using the new Media UI, we can use nested collections to have a folder-like file management. In this case, if an asset is placed in a "sub asset collection" that is not covered by a privilege, it is available to all users. It also leads to an error described at https://github.com/Flowpack/media-ui/issues/231.
Requirement
In my opinion, we need a new privilege or matcher that checks permissions recursively. So if an Asset is in a collection being a parent of a protected collection (e.g. "Corporate" as in the example above), permission should be denied.
Affected Versions
Neos: 8.3 Media Module: 1.0