All core entities except File implement a createAccess() override. As the default return value of Entity::access is TRUE, this leads to the problem that the value for File is always TRUE - ignoring "create files" permission.
Our assumption is currently, that not creating that override when adding entity_access in #3011 was an oversight.
I'm not sure if this is a bug or a feature request. Feedback is welcome.
Also related: #4975 - TRUE is a dangerous default value, anyway.
All core entities except File implement a createAccess() override. As the default return value of Entity::access is TRUE, this leads to the problem that the value for File is always TRUE - ignoring "create files" permission.
Our assumption is currently, that not creating that override when adding entity_access in #3011 was an oversight.
I'm not sure if this is a bug or a feature request. Feedback is welcome.
Also related: #4975 - TRUE is a dangerous default value, anyway.