
function domain_access_node_access in Domain Access 8

Implements hook_node_access().

File

domain_access/domain_access.module, line 345
Domain-based access control for content.

Code

/**
 * Implements hook_node_access().
 *
 * Grants access to a node when the account holds a matching domain permission
 * and the domain access manager confirms access to the entity. The hook only
 * ever returns "allowed" or "neutral"; it never forbids, so a denial must come
 * from another access handler.
 *
 * @param \Drupal\node\NodeInterface $node
 *   The node being checked.
 * @param string $op
 *   The operation; 'view', 'update' and 'delete' are handled here, any other
 *   value falls through to a neutral result.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account whose permissions are tested.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   Allowed (cached per permissions and per user) or neutral, each carrying
 *   the node as a cacheable dependency.
 */
function domain_access_node_access(NodeInterface $node, $op, AccountInterface $account) {
  // The negotiated domain is kept in a function-static variable and reused by
  // every later call in the same PHP process.
  // NOTE(review): if one process can serve more than one domain (long-running
  // workers, some test runs), this value may be stale - confirm.
  static $current_domain;
  if (!isset($current_domain)) {
    // Ensure that the loader has run. In some tests, the kernel event has not,
    // so an empty first answer triggers a second lookup with TRUE.
    $current_domain = \Drupal::service('domain.negotiator')->getActiveDomain()
      ?: \Drupal::service('domain.negotiator')->getActiveDomain(TRUE);
  }

  // Without a valid active domain we cannot assert an opinion about access.
  // The active domain is used only as this guard; the grant decision below is
  // delegated to the manager's checkEntityAccess().
  $has_domain = $current_domain && !empty($current_domain->getDomainId());
  if (!$has_domain) {
    return AccessResult::neutral()->addCacheableDependency($node);
  }

  $bundle = $node->bundle();
  $access_manager = \Drupal::service('domain_access.manager');
  $granted = FALSE;

  // In order to access update or delete, the user must be able to view.
  // Domain-specific permissions are relevant only if the node is not
  // published; published nodes get no opinion from this hook.
  if ($op == 'view') {
    if (!$node->isPublished()
      && $account->hasPermission('view unpublished domain content')
      && $access_manager->checkEntityAccess($node, $account)) {
      $granted = TRUE;
    }
  }

  // Update: the bundle-specific permission is tried first, then the generic
  // one. Either must be paired with a positive manager check.
  if ($op == 'update') {
    if (($account->hasPermission('update ' . $bundle . ' content on assigned domains') && $access_manager->checkEntityAccess($node, $account))
      || ($account->hasPermission('edit domain content') && $access_manager->checkEntityAccess($node, $account))) {
      $granted = TRUE;
    }
  }

  // Delete: same two-step pattern as update.
  if ($op == 'delete') {
    if (($account->hasPermission('delete ' . $bundle . ' content on assigned domains') && $access_manager->checkEntityAccess($node, $account))
      || ($account->hasPermission('delete domain content') && $access_manager->checkEntityAccess($node, $account))) {
      $granted = TRUE;
    }
  }

  if ($granted) {
    return AccessResult::allowed()
      ->cachePerPermissions()
      ->cachePerUser()
      ->addCacheableDependency($node);
  }

  // No opinion on FALSE.
  // NOTE(review): this neutral result depends on the account's permissions
  // (read above) but carries only the node as cacheability metadata, unlike
  // the allowed branch - confirm the permission/user cache contexts are not
  // needed here as well.
  return AccessResult::neutral()->addCacheableDependency($node);
}