You are here

class FieldPermissionsService in Field Permissions 8

Same name and namespace in other branches
  1. 8.2 src/FieldPermissionsService.php \Drupal\field_permissions\FieldPermissionsService

The field permission service.

Hierarchy

Expanded class hierarchy of FieldPermissionsService

3 files declare their use of FieldPermissionsService
CustomAccess.php in src/Plugin/FieldPermissionType/CustomAccess.php
FieldPermissionsServiceTest.php in tests/src/Unit/FieldPermissionsServiceTest.php
field_permissions.module in ./field_permissions.module
Contains field_permissions.module.
1 string reference to 'FieldPermissionsService'
field_permissions.services.yml in ./field_permissions.services.yml
field_permissions.services.yml
1 service uses FieldPermissionsService
field_permissions.permissions_service in ./field_permissions.services.yml
Drupal\field_permissions\FieldPermissionsService

File

src/FieldPermissionsService.php, line 20

Namespace

Drupal\field_permissions
View source
class FieldPermissionsService implements FieldPermissionsServiceInterface, ContainerInjectionInterface {

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * The permission type plugin manager.
   *
   * @var \Drupal\field_permissions\Plugin\FieldPermissionType\Manager
   */
  protected $permissionTypeManager;

  /**
   * Construct the field permission service.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity type manager service.
   * @param \Drupal\field_permissions\Plugin\FieldPermissionType\Manager $permission_type_manager
   *   The permission type plugin manager.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager, Manager $permission_type_manager) {
    $this->entityTypeManager = $entity_type_manager;
    $this->permissionTypeManager = $permission_type_manager;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container) {
    return new static($container
      ->get('entity_type.manager'), $container
      ->get('plugin.field_permissions.types.manager'));
  }

  /**
   * {@inheritdoc}
   */
  public static function getList($field_label = '') {
    return [
      'create' => [
        'label' => t('Create field'),
        'title' => t('Create own value for field @field', [
          '@field' => $field_label,
        ]),
      ],
      'edit own' => [
        'label' => t('Edit own field'),
        'title' => t('Edit own value for field @field', [
          '@field' => $field_label,
        ]),
      ],
      'edit' => [
        'label' => t('Edit field'),
        'title' => t("Edit anyone's value for field @field", [
          '@field' => $field_label,
        ]),
      ],
      'view own' => [
        'label' => t('View own field'),
        'title' => t('View own value for field @field', [
          '@field' => $field_label,
        ]),
      ],
      'view' => [
        'label' => t('View field'),
        'title' => t("View anyone's value for field @field", [
          '@field' => $field_label,
        ]),
      ],
    ];
  }

  /**
   * {@inheritdoc}
   */
  public function getPermissionsByRole() {

    /** @var \Drupal\user\RoleInterface[] $roles */
    $roles = $this->entityTypeManager
      ->getStorage('user_role')
      ->loadMultiple();
    $field_field_permissions = [];
    $field_permission_perm = $this
      ->getAllPermissions();
    foreach ($roles as $role_name => $role) {
      $role_permissions = $role
        ->getPermissions();
      $field_field_permissions[$role_name] = [];

      // For all element set admin permission.
      if ($role
        ->isAdmin()) {
        foreach (array_keys($field_permission_perm) as $perm_name) {
          $field_field_permissions[$role_name][] = $perm_name;
        }
      }
      else {
        foreach ($role_permissions as $key => $role_permission) {
          if (in_array($role_permission, array_keys($field_permission_perm))) {
            $field_field_permissions[$role_name][] = $role_permission;
          }
        }
      }
    }
    return $field_field_permissions;
  }

  /**
   * {@inheritdoc}
   */
  public function getAllPermissions() {
    $permissions = [];

    /** @var \Drupal\field\FieldStorageConfigInterface[] $fields */
    $fields = $this->entityTypeManager
      ->getStorage('field_storage_config')
      ->loadMultiple();
    foreach ($fields as $key => $field) {

      // Check if this plugin defines custom permissions.
      $permission_type = $this
        ->fieldGetPermissionType($field);
      if ($permission_type !== FieldPermissionTypeInterface::ACCESS_PUBLIC) {
        $plugin = $this->permissionTypeManager
          ->createInstance($permission_type, [], $field);
        if ($plugin instanceof CustomPermissionsInterface) {
          $permissions += $plugin
            ->getPermissions();
        }
      }
    }
    return $permissions;
  }

  /**
   * {@inheritdoc}
   */
  public function fieldGetPermissionType(FieldStorageConfigInterface $field) {
    return $field
      ->getThirdPartySetting('field_permissions', 'permission_type', FieldPermissionTypeInterface::ACCESS_PUBLIC);
  }

  /**
   * {@inheritdoc}
   */
  public static function isCommentField(FieldDefinitionInterface $field_definition) {
    if (!\Drupal::hasService('comment.manager')) {

      // Comment module isn't enabled.
      return FALSE;
    }
    $field_name = $field_definition
      ->getName();
    $field_names = \Drupal::service('comment.manager')
      ->getFields($field_definition
      ->getTargetEntityTypeId());

    // Comment field.
    if (in_array($field_name, array_keys($field_names))) {
      return TRUE;
    }
    return FALSE;
  }

  /**
   * {@inheritdoc}
   */
  public function getFieldAccess($operation, FieldItemListInterface $items, AccountInterface $account, FieldDefinitionInterface $field_definition) {
    $permission_type = $this
      ->fieldGetPermissionType($field_definition
      ->getFieldStorageDefinition());
    if (in_array('administrator', $account
      ->getRoles()) || $permission_type == FieldPermissionTypeInterface::ACCESS_PUBLIC) {
      return TRUE;
    }

    // Field add to comment entity.
    if (static::isCommentField($field_definition)) {
      return TRUE;
    }

    // Pass access control to the plugin.
    $plugin = $this->permissionTypeManager
      ->createInstance($permission_type, [], $field_definition
      ->getFieldStorageDefinition());
    return $plugin
      ->hasFieldAccess($operation, $items
      ->getEntity(), $account);
  }

  /**
   * Determines if the given account may view the field, regardless of entity.
   *
   * This should only return TRUE if
   * @code
   * $this->getFieldAccess('view', $items, $account, $field_definition);
   * @endcode
   * returns TRUE for all possible values of $items.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   Account for which to check access.
   * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
   *   Field for which to check access.
   *
   * @return bool
   *   The access result.
   *
   * @todo Move this to an interface: either FieldPermissionsServiceInterface
   *   or a new one.
   */
  public function hasFieldViewAccessForEveryEntity(AccountInterface $account, FieldDefinitionInterface $field_definition) {
    $permission_type = $this
      ->fieldGetPermissionType($field_definition
      ->getFieldStorageDefinition());
    if (in_array('administrator', $account
      ->getRoles()) || $permission_type == FieldPermissionTypeInterface::ACCESS_PUBLIC) {
      return TRUE;
    }

    // Field add to comment entity.
    if (static::isCommentField($field_definition)) {
      return TRUE;
    }

    // Pass access control to the plugin.
    $plugin = $this->permissionTypeManager
      ->createInstance($permission_type, [], $field_definition
      ->getFieldStorageDefinition());
    if ($plugin instanceof Base) {
      return $plugin
        ->hasFieldViewAccessForEveryEntity($account);
    }
    else {
      return FALSE;
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
FieldPermissionsService::$entityTypeManager protected property The entity type manager.
FieldPermissionsService::$permissionTypeManager protected property The permission type plugin manager.
FieldPermissionsService::create public static function Instantiates a new instance of this class. Overrides ContainerInjectionInterface::create
FieldPermissionsService::fieldGetPermissionType public function Get the permission type for a given field. Overrides FieldPermissionsServiceInterface::fieldGetPermissionType
FieldPermissionsService::getAllPermissions public function Returns permissions for all fields that are using custom permissions. Overrides FieldPermissionsServiceInterface::getAllPermissions
FieldPermissionsService::getFieldAccess public function Get access for field by operations and account permisisons. Overrides FieldPermissionsServiceInterface::getFieldAccess
FieldPermissionsService::getList public static function Obtain the list of field permissions. Overrides FieldPermissionsServiceInterface::getList
FieldPermissionsService::getPermissionsByRole public function Get all field permissions keyed by role ID. Overrides FieldPermissionsServiceInterface::getPermissionsByRole
FieldPermissionsService::hasFieldViewAccessForEveryEntity public function Determines if the given account may view the field, regardless of entity.
FieldPermissionsService::isCommentField public static function Field is attached to comment entity. Overrides FieldPermissionsServiceInterface::isCommentField
FieldPermissionsService::__construct public function Construct the field permission service.