public function CommentSelection::entityQueryAlter in Drupal 8
Same name and namespace in other branches
- 9 core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection::entityQueryAlter()
Allows the selection to alter the SelectQuery generated by EntityFieldQuery.
Parameters
\Drupal\Core\Database\Query\SelectInterface $query: A Select Query object.
Overrides SelectionPluginBase::entityQueryAlter
File
- core/
modules/ comment/ src/ Plugin/ EntityReferenceSelection/ CommentSelection.php, line 68
Class
- CommentSelection
- Provides specific access control for the comment entity type.
Namespace
Drupal\comment\Plugin\EntityReferenceSelectionCode
public function entityQueryAlter(SelectInterface $query) {
parent::entityQueryAlter($query);
$tables = $query
->getTables();
$data_table = 'comment_field_data';
if (!isset($tables['comment_field_data']['alias'])) {
// If no conditions join against the comment data table, it should be
// joined manually to allow node access processing.
$query
->innerJoin($data_table, NULL, "base_table.cid = {$data_table}.cid AND {$data_table}.default_langcode = 1");
}
// The Comment module doesn't implement any proper comment access,
// and as a consequence doesn't make sure that comments cannot be viewed
// when the user doesn't have access to the node.
$node_alias = $query
->innerJoin('node_field_data', 'n', '%alias.nid = ' . $data_table . '.entity_id AND ' . $data_table . ".entity_type = 'node'");
// Pass the query to the node access control.
$this
->reAlterQuery($query, 'node_access', $node_alias);
// Passing the query to node_query_node_access_alter() is sadly
// insufficient for nodes.
// @see \Drupal\node\Plugin\EntityReferenceSelection\NodeSelection::buildEntityQuery()
if (!$this->currentUser
->hasPermission('bypass node access') && !count($this->moduleHandler
->getImplementations('node_grants'))) {
$query
->condition($node_alias . '.status', 1);
}
}