Access to files attached via media entities should be ultimately controlled by the published state of related content

Problem/Motivation

When private files are attached directly to nodes, Drupal determines when to grant access to them based on whether or not the related node is published, which is in line with what customers seem both to expect and require.

But now that files can be attached to media entities instead of directly to nodes, Drupal no longer recognizes any relationship between the node and the file. This is different from the core-without-Media approach, and not something anyone seems to expect or require. With Media in core, the published state of the node has no effect and access is based on the published state of the media entity..

Proposed resolution

• If at least one piece of content uses a piece of media, that media is considered "disclosed" or public and should be published.
• If the only published node that referenced a piece of content was deleted or unpublished, the media remains published because it had already been effectively "disclosed" and it may have been shared on social media or referenced in other places.

If editors made a mistake, they would still be able to manually unpublish the media in question. But what if they're not aware they've made a mistake? Giving some sort of override control on the node form might be beneficial. It would certainly be helpful to have some sort of status message indicating that a piece of media was automatically published or unpublished so that the user can react to the fact if necessary..

Remaining tasks

TBD

User interface changes

Anonymous users can no longer see media files attached to a node when the node is unpublished/archived and the field file system is private.

API changes

TBD.

Data model changes

TBD.