From e556cbcde925ab3d99c543d43a141ed5d0563b18 Mon Sep 17 00:00:00 2001
From: Adam <adam-vessey@users.noreply.github.com>
Date: Wed, 31 Aug 2022 19:14:12 -0300
Subject: [PATCH] Add file access check to IIIF manifest generation. (#884)

---
 .../islandora_iiif/src/Plugin/views/style/IIIFManifest.php    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/islandora_iiif/src/Plugin/views/style/IIIFManifest.php b/modules/islandora_iiif/src/Plugin/views/style/IIIFManifest.php
index 13f83e7d9..194670016 100644
--- a/modules/islandora_iiif/src/Plugin/views/style/IIIFManifest.php
+++ b/modules/islandora_iiif/src/Plugin/views/style/IIIFManifest.php
@@ -198,6 +198,10 @@ protected function getTileSourceFromRow(ResultRow $row, $iiif_address, $iiif_bas
         /** @var \Drupal\Core\Field\FieldItemListInterface $images */
         $images = $entity->{$viewsField->definition['field_name']};
         foreach ($images as $image) {
+          if (!$image->entity->access('view')) {
+            // If the user does not have permission to view the file, skip it.
+            continue;
+          }
           // Create the IIIF URL for this file
           // Visiting $iiif_url will resolve to the info.json for the image.
           $file_url = $image->entity->createFileUrl(FALSE);