
function acb_node_access_records_alter in Access Control Bridge 8

Same name and namespace in other branches
  1. 7 acb.module \acb_node_access_records_alter()

Implements hook_node_access_records_alter().

Creates and inserts our cascaded access records for nodes.

File

./acb.module, line 57
Drupal hooks and functions for the acb module.

Code

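/**
 * Implements hook_node_access_records_alter().
 *
 * Groups the node's access records by the access control module that owns
 * them and, when more than one module controls the node, replaces $grants
 * with the cascaded records built by _acb_cascade_grants().
 *
 * @param array $grants
 *   Access records collected for the node, passed by reference. Left untouched
 *   when at most one module supplied records; otherwise overwritten.
 * @param \Drupal\node\NodeInterface $node
 *   The node the records belong to. Not read by this function.
 */
function acb_node_access_records_alter(&$grants, NodeInterface $node) {

  // Resolve the controlling realm of every grant once, instead of repeating
  // the same lookup for each module.
  $grant_realms = [];
  foreach ($grants as $key => $grant) {
    switch ($grant['realm']) {

      // 'all' and ACL require special care.
      case 'acl':
      case 'all':

        // Check 'module' or '#module' key. If not present, then assume it to
        // be Content Access.
        // NOTE(review): this fallback attributes any untagged 'all'/'acl'
        // record to content_access, whichever module actually wrote it.
        // Confirm that is the intended owner.
        if (isset($grant['module'])) {
          $grant_realms[$key] = $grant['module'];
        }
        elseif (isset($grant['#module'])) {
          $grant_realms[$key] = $grant['#module'];
        }
        else {
          $grant_realms[$key] = 'content_access';
        }
        break;

      default:
        $grant_realms[$key] = $grant['realm'];
        break;
    }
  }

  // Split all grants into their respective controlling modules.
  $split_grants = [];
  foreach (acb_get_modules() as $module) {
    $grant_storage = [];
    foreach ($grant_realms as $key => $realm) {
      if (acb_is_module_realm($realm, $module) === TRUE) {
        $grant_storage[$key] = $grants[$key];
      }
    }
    $split_grants[$module] = $grant_storage;
  }

  // Filter out any modules that didn't set access records.
  $split_grants = array_filter($split_grants);

  // Only proceed and alter the grants if multiple modules control this node.
  // If this is not the case, the legacy user grants will control the node as
  // usual.
  if (count($split_grants) <= 1) {
    return;
  }

  // Convert 'all' realm grants to anonymous and authenticated role grants.
  // @TODO: check if still needed in D8.
  // Only the keys of this map are used below, as the gid of each role grant.
  $roles = [
    0 => AccountInterface::ANONYMOUS_ROLE,
    1 => AccountInterface::AUTHENTICATED_ROLE,
  ];
  foreach ($split_grants as $module => $split_grant_module) {
    // Role grants are collected separately and appended afterwards. Writing
    // them straight to keys 0 and 1 of the module's records could overwrite an
    // unrelated record stored under those keys, and when the 'all' record
    // itself sat at key 0 or 1 the unset() below removed the role grant that
    // had just been created, silently dropping an access record.
    $role_grants = [];
    foreach ($split_grant_module as $key => $split_grant) {
      if ($split_grant['realm'] === 'all') {
        foreach (array_keys($roles) as $rid) {
          // Keyed by role so that, if a module supplied several 'all' records,
          // the last one wins per role.
          $role_grants[$rid] = $split_grant;
          $role_grants[$rid]['realm'] = $module . '_rid';
          $role_grants[$rid]['gid'] = $rid;
        }
        unset($split_grants[$module][$key]);
      }
    }
    // Appending with [] always takes a fresh integer key, so nothing that is
    // already stored for this module can be clobbered.
    // NOTE(review): assumes _acb_cascade_grants() does not rely on the array
    // keys of each module's records. Confirm.
    foreach ($role_grants as $role_grant) {
      $split_grants[$module][] = $role_grant;
    }
  }

  // We keep the existing grants and merge ours because we overrule them
  // by setting a high priority on our own grants in _acb_cascade_grants().
  // $grants = array_merge($grants, _acb_cascade_grants($split_grants, TRUE));
  // @TODO: Find out if there is a reason to keep existing grants.
  // Currently we only assign the ACB grants, to enforce multiple access control
  // modules working together as expected.
  // NOTE(review): records whose realm matched none of the modules returned by
  // acb_get_modules() are not part of $split_grants, so they are discarded here
  // unless _acb_cascade_grants() restores them. Confirm this cannot remove a
  // record another module depends on.
  $grants = _acb_cascade_grants($split_grants, TRUE);
}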