You are here

function nodeaccess_node_access_records in Nodeaccess 8

Same name and namespace in other branches
  1. 8.2 nodeaccess.module \nodeaccess_node_access_records()
  2. 5 nodeaccess.module \nodeaccess_node_access_records()
  3. 6.2 nodeaccess.module \nodeaccess_node_access_records()
  4. 6 nodeaccess.module \nodeaccess_node_access_records()
  5. 7 nodeaccess.module \nodeaccess_node_access_records()

Implements hook_node_access_records().

File

./nodeaccess.module, line 29
Control access to site content based on the users and roles.

Code

function nodeaccess_node_access_records($node) {
  $settings = \Drupal::configFactory()
    ->get('nodeaccess.settings');
  $ntype = $node
    ->getType();

  // Need to find out if node has own grants or whether to use defaults.
  $default = $settings
    ->get($ntype);
  $roles_gids = $settings
    ->get('role_map');
  $nid = $node
    ->id();
  $grants = [];

  // Setup default keys that are required by node_access_write_grants().
  $grant_defaults = [
    'gid' => 0,
    'realm' => 'nodeaccess_rid',
    'grant_view' => 0,
    'grant_update' => 0,
    'grant_delete' => 0,
    'priority' => $settings
      ->get('priority'),
  ];
  $db = \Drupal::database();
  $entries = $db
    ->select('nodeaccess', 'n')
    ->fields('n')
    ->condition('nid', $nid, '=')
    ->execute()
    ->fetchAll();
  $node_count = count($entries);
  if ($node_count < 1) {

    // Node has no own grants, use defaults if published.
    if ($node
      ->isPublished()) {
      $i = 0;
      foreach ($default as $key => $val) {
        if ($key != 'author') {
          $rid = $roles_gids[$key];
          $grants[$i] = $default[$key];
          $grants[$i]['gid'] = $rid;
          $i++;
        }
      }
    }
    else {

      // Otherwise, check access to unpublished content for authenticated and
      // anonymous users.
      $role_perms = user_role_permissions([
        DRUPAL_ANONYMOUS_RID,
        DRUPAL_AUTHENTICATED_RID,
      ]);

      // Anonymous user setting.
      $grants[] = [
        'gid' => DRUPAL_ANONYMOUS_RID,
        'grant_view' => in_array('bypass node access', $role_perms[DRUPAL_ANONYMOUS_RID]),
      ];

      // Authenticated user setting.
      $grants[] = [
        'gid' => DRUPAL_AUTHENTICATED_RID,
        'grant_view' => in_array('bypass node access', $role_perms[DRUPAL_AUTHENTICATED_RID]),
      ];
    }
  }
  else {

    // Node has own grants, use them.
    $db = \Drupal::database();
    $entries = $db
      ->select('nodeaccess', 'n')
      ->fields('n')
      ->condition('nid', $nid, '=')
      ->execute()
      ->fetchAll();
    $grants = [];
    foreach ($entries as $row) {
      $grants[] = [
        'gid' => $row->gid,
        'realm' => $row->realm,
        'grant_view' => $row->grant_view,
        'grant_update' => $row->grant_update,
        'grant_delete' => $row->grant_delete,
      ];
    }
  }

  // Apply author grants.
  $grant = $default['author'];
  $grant['gid'] = $node
    ->getOwnerId();
  $grant['realm'] = 'nodeaccess_author';

  // Include author grant even with all values FALSE, it may be
  // needed to overwrite an older value.
  $grants[] = $grant;
  $updated_grants = [];
  foreach ($grants as $id => $grant) {

    // Merge missing default grant keys.
    $updated_grants[] = $grants[$id] + $grant_defaults;
  }
  return $updated_grants;
}