You are here

class NodeRevisionAccessCheck in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/node/src/Access/NodeRevisionAccessCheck.php \Drupal\node\Access\NodeRevisionAccessCheck

Provides an access checker for node revisions.

Hierarchy

Expanded class hierarchy of NodeRevisionAccessCheck

Related topics

1 file declares its use of NodeRevisionAccessCheck
EntityAccessChecker.php in core/modules/jsonapi/src/Access/EntityAccessChecker.php
1 string reference to 'NodeRevisionAccessCheck'
node.services.yml in core/modules/node/node.services.yml
core/modules/node/node.services.yml
1 service uses NodeRevisionAccessCheck
access_check.node.revision in core/modules/node/node.services.yml
Drupal\node\Access\NodeRevisionAccessCheck

File

core/modules/node/src/Access/NodeRevisionAccessCheck.php, line 17

Namespace

Drupal\node\Access
View source
class NodeRevisionAccessCheck implements AccessInterface {

  /**
   * The node storage.
   *
   * @var \Drupal\node\NodeStorageInterface
   */
  protected $nodeStorage;

  /**
   * The node access control handler.
   *
   * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
   */
  protected $nodeAccess;

  /**
   * A static cache of access checks.
   *
   * @var array
   */
  protected $access = [];

  /**
   * Constructs a new NodeRevisionAccessCheck.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity type manager.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
    $this->nodeStorage = $entity_type_manager
      ->getStorage('node');
    $this->nodeAccess = $entity_type_manager
      ->getAccessControlHandler('node');
  }

  /**
   * Checks routing access for the node revision.
   *
   * @param \Symfony\Component\Routing\Route $route
   *   The route to check against.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The currently logged in account.
   * @param int $node_revision
   *   (optional) The node revision ID. If not specified, but $node is, access
   *   is checked for that object's revision.
   * @param \Drupal\node\NodeInterface $node
   *   (optional) A node object. Used for checking access to a node's default
   *   revision when $node_revision is unspecified. Ignored when $node_revision
   *   is specified. If neither $node_revision nor $node are specified, then
   *   access is denied.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result.
   */
  public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) {
    if ($node_revision) {
      $node = $this->nodeStorage
        ->loadRevision($node_revision);
    }
    $operation = $route
      ->getRequirement('_access_node_revision');
    return AccessResult::allowedIf($node && $this
      ->checkAccess($node, $account, $operation))
      ->cachePerPermissions()
      ->addCacheableDependency($node);
  }

  /**
   * Checks node revision access.
   *
   * @param \Drupal\node\NodeInterface $node
   *   The node to check.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   A user object representing the user for whom the operation is to be
   *   performed.
   * @param string $op
   *   (optional) The specific operation being checked. Defaults to 'view.'
   *
   * @return bool
   *   TRUE if the operation may be performed, FALSE otherwise.
   */
  public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
    $map = [
      'view' => 'view all revisions',
      'update' => 'revert all revisions',
      'delete' => 'delete all revisions',
    ];
    $bundle = $node
      ->bundle();
    $type_map = [
      'view' => "view {$bundle} revisions",
      'update' => "revert {$bundle} revisions",
      'delete' => "delete {$bundle} revisions",
    ];
    if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {

      // If there was no node to check against, or the $op was not one of the
      // supported ones, we return access denied.
      return FALSE;
    }

    // Statically cache access by revision ID, language code, user account ID,
    // and operation.
    $langcode = $node
      ->language()
      ->getId();
    $cid = $node
      ->getRevisionId() . ':' . $langcode . ':' . $account
      ->id() . ':' . $op;
    if (!isset($this->access[$cid])) {

      // Perform basic permission checks first.
      if (!$account
        ->hasPermission($map[$op]) && !$account
        ->hasPermission($type_map[$op]) && !$account
        ->hasPermission('administer nodes')) {
        $this->access[$cid] = FALSE;
        return FALSE;
      }

      // If this is the default revision, return access denied for revert or
      // delete operations.
      if ($node
        ->isDefaultRevision() && ($op === 'update' || $op === 'delete')) {
        $this->access[$cid] = FALSE;
      }
      elseif ($account
        ->hasPermission('administer nodes')) {
        $this->access[$cid] = TRUE;
      }
      else {

        // First check the access to the default revision and finally, if the
        // node passed in is not the default revision then check access to
        // that, too.
        $this->access[$cid] = $this->nodeAccess
          ->access($this->nodeStorage
          ->load($node
          ->id()), $op, $account) && ($node
          ->isDefaultRevision() || $this->nodeAccess
          ->access($node, $op, $account));
      }
    }
    return $this->access[$cid];
  }

}

Members

Namesort descending Modifiers Type Description Overrides
NodeRevisionAccessCheck::$access protected property A static cache of access checks.
NodeRevisionAccessCheck::$nodeAccess protected property The node access control handler.
NodeRevisionAccessCheck::$nodeStorage protected property The node storage.
NodeRevisionAccessCheck::access public function Checks routing access for the node revision.
NodeRevisionAccessCheck::checkAccess public function Checks node revision access.
NodeRevisionAccessCheck::__construct public function Constructs a new NodeRevisionAccessCheck.