function domain_access_node_grants in Domain Access 8
Implements hook_node_grants().
File
- domain_access/
domain_access.module, line 36 - Domain-based access control for content.
Code
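/**
 * Implements hook_node_grants().
 *
 * Returns the node-access grants an account holds on the active domain. When
 * no domain is negotiated, the default domain is used; when neither exists,
 * no grants are returned.
 *
 * - 'view': every account gets the 'domain_id' grant for the active domain and
 *   the 'domain_site' grant 0. 'domain_unpublished' is added only for users
 *   with 'view unpublished domain content' who are also tied to the domain.
 * - 'update' / 'delete': 'domain_id' is granted only to users with
 *   'edit domain content' / 'delete domain content' who are also tied to the
 *   domain.
 *
 * A user is tied to the domain when they hold 'publish to any domain', when
 * the active domain id is among their domain access values, or when their
 * "all domains" field is non-empty.
 *
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account whose grants are being calculated.
 * @param string $op
 *   The node operation: 'view', 'update' or 'delete'.
 *
 * @return array
 *   Grant ids keyed by realm ('domain_id', 'domain_site',
 *   'domain_unpublished'). Empty when nothing is granted.
 */
function domain_access_node_grants(AccountInterface $account, $op) {
  $grants = [];

  /** @var \Drupal\domain\Entity\Domain $active */
  $active = \Drupal::service('domain.negotiator')
    ->getActiveDomain();
  if (empty($active)) {
    $active = \Drupal::entityTypeManager()
      ->getStorage('domain')
      ->loadDefaultDomain();
  }
  // No domains means no permissions.
  if (empty($active)) {
    return $grants;
  }
  $id = $active->getDomainId();

  // Grants for view are simple. Use the active domain and all affiliates.
  // These two grants do not depend on the user at all.
  if ($op == 'view') {
    $grants['domain_id'][] = $id;
    $grants['domain_site'][] = 0;
    $permission = 'view unpublished domain content';
    $realm = 'domain_unpublished';
  }
  elseif ($op == 'update') {
    $permission = 'edit domain content';
    $realm = 'domain_id';
  }
  elseif ($op == 'delete') {
    $permission = 'delete domain content';
    $realm = 'domain_id';
  }
  else {
    // Unknown operation: nothing beyond what was collected above.
    return $grants;
  }

  // Advanced grants for edit/delete require permissions.
  /** @var \Drupal\user\UserInterface|null $user */
  $user = \Drupal::entityTypeManager()
    ->getStorage('user')
    ->load($account->id());
  // Fail closed: if the account has no loadable user entity, hand out no
  // elevated grant instead of calling methods on NULL and aborting the
  // request with a fatal error.
  if (empty($user)) {
    return $grants;
  }

  if (!$user->hasPermission($permission)) {
    return $grants;
  }

  $user_domains = \Drupal::service('domain_access.manager')
    ->getAccessValues($user);

  // Note that "X to any domain" is a global permission designed for admins.
  // The same three-way test applies to every operation, so it is written once.
  // NOTE(review): in_array() compares loosely here. Whether a strict
  // comparison is safe depends on the types returned by getDomainId() and
  // getAccessValues(), which are not visible in this function; confirm before
  // tightening.
  $tied_to_domain = $user->hasPermission('publish to any domain')
    || in_array($id, $user_domains)
    || !empty($user->get(DomainAccessManagerInterface::DOMAIN_ACCESS_ALL_FIELD)->value);
  if ($tied_to_domain) {
    $grants[$realm][] = $id;
  }

  return $grants;
}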