class AccessCheck in Permissions by Term 8.2
Same name and namespace in other branches
- 8 src/Service/AccessCheck.php \Drupal\permissions_by_term\Service\AccessCheck
AccessCheckService class.
Hierarchy
- class \Drupal\permissions_by_term\Service\AccessCheck
Expanded class hierarchy of AccessCheck
4 files declare their use of AccessCheck
- AccessChecker.php in modules/
permissions_by_entity/ src/ Service/ AccessChecker.php - KernelEventListener.php in src/
Listener/ KernelEventListener.php - PBTKernelTestBase.php in tests/
src/ Kernel/ PBTKernelTestBase.php - permissions_by_term.module in ./
permissions_by_term.module - Allows access to terms in a vocabulary to be limited by user or role.
1 string reference to 'AccessCheck'
1 service uses AccessCheck
File
- src/
Service/ AccessCheck.php, line 17
Namespace
Drupal\permissions_by_term\ServiceView source
class AccessCheck {
/**
* The database connection.
*
* @var \Drupal\Core\Database\Connection
*/
protected $database;
/**
* @var ContainerAwareEventDispatcher
*/
private $eventDispatcher;
/**
* @var EntityFieldManager
*/
private $entityFieldManager;
/**
* Constructs AccessCheck object.
*
* @param Connection $database
* The database connection.
*/
public function __construct(Connection $database, ContainerAwareEventDispatcher $eventDispatcher, EntityFieldManager $entityFieldFieldManager) {
$this->database = $database;
$this->eventDispatcher = $eventDispatcher;
$this->entityFieldManager = $entityFieldFieldManager;
}
public function canUserAccessByNode(Node $node, $uid = FALSE, $langcode = '') : bool {
if (!$this
->isAnyTaxonomyTermFieldDefinedInNodeType($node
->getType())) {
return TRUE;
}
$langcode = $langcode === '' ? \Drupal::languageManager()
->getCurrentLanguage()
->getId() : $langcode;
if (empty($uid)) {
$uid = \Drupal::currentUser()
->id();
}
$user = User::load($uid);
if ($user instanceof User && $user
->hasPermission('view own unpublished content') && (int) $node
->getOwnerId() === (int) $uid && !$node
->isPublished()) {
return TRUE;
}
if ($user instanceof User && $user
->hasPermission('view any unpublished content') && !$node
->isPublished()) {
return TRUE;
}
if ($user instanceof User && $user
->hasPermission('bypass node access')) {
return TRUE;
}
$configPermissionMode = \Drupal::config('permissions_by_term.settings')
->get('permission_mode');
$requireAllTermsGranted = \Drupal::config('permissions_by_term.settings')
->get('require_all_terms_granted');
if (!$configPermissionMode && !$requireAllTermsGranted) {
$access_allowed = TRUE;
}
else {
$access_allowed = FALSE;
}
$terms = $this->database
->query("SELECT tid FROM {taxonomy_index} WHERE nid = :nid", [
':nid' => $node
->id(),
])
->fetchAll();
if (empty($terms) && !$configPermissionMode) {
return TRUE;
}
foreach ($terms as $term) {
$termInfo = Term::load($term->tid);
if ($termInfo instanceof Term && $termInfo
->get('langcode')
->getLangcode() == $langcode) {
if (!$this
->isAnyPermissionSetForTerm($term->tid, $termInfo
->get('langcode')
->getLangcode())) {
continue;
}
$access_allowed = $this
->isAccessAllowedByDatabase($term->tid, $uid, $termInfo
->get('langcode')
->getLangcode());
if (!$access_allowed && $requireAllTermsGranted) {
return $access_allowed;
}
if ($access_allowed && !$requireAllTermsGranted) {
return $access_allowed;
}
}
}
return $access_allowed;
}
/**
* @param int $tid
* @param bool|int $uid
* @param string $langcode
* @return bool
*/
public function isAccessAllowedByDatabase($tid, $uid = FALSE, $langcode = '') {
$langcode = $langcode === '' ? \Drupal::languageManager()
->getCurrentLanguage()
->getId() : $langcode;
if (is_numeric($uid) && $uid > 0) {
$user = User::load($uid);
}
else {
$user = \Drupal::currentUser();
}
$tid = (int) $tid;
if (!$this
->isAnyPermissionSetForTerm($tid, $langcode) && !\Drupal::config('permissions_by_term.settings')
->get('permission_mode')) {
return TRUE;
}
/* At this point permissions are enabled, check to see if this user or one
* of their roles is allowed.
*/
foreach ($user
->getRoles() as $sUserRole) {
if ($this
->isTermAllowedByUserRole($tid, $sUserRole, $langcode)) {
return TRUE;
}
}
if ($this
->isTermAllowedByUserId($tid, $user
->id(), $langcode)) {
return TRUE;
}
return FALSE;
}
/**
* @param int $tid
* @param int $iUid
* @param string $langcode
*
* @return bool
*/
private function isTermAllowedByUserId($tid, $iUid, $langcode) {
$query_result = $this->database
->query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid AND langcode = :langcode", [
':tid' => $tid,
':uid' => $iUid,
':langcode' => $langcode,
])
->fetchField();
if (!empty($query_result)) {
return TRUE;
}
else {
return FALSE;
}
}
/**
* @param int $tid
* @param string $sUserRole
* @param string $langcode
*
* @return bool
*/
public function isTermAllowedByUserRole($tid, $sUserRole, $langcode) {
$query_result = $this->database
->query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles) AND langcode = :langcode", [
':tid' => $tid,
':user_roles' => $sUserRole,
':langcode' => $langcode,
])
->fetchField();
if (!empty($query_result)) {
return TRUE;
}
else {
return FALSE;
}
}
/**
* @param int $tid
* @param string $langcode
*
* @return bool
*/
public function isAnyPermissionSetForTerm($tid, $langcode = '') {
$langcode = $langcode === '' ? \Drupal::languageManager()
->getCurrentLanguage()
->getId() : $langcode;
$iUserTableResults = (int) $this->database
->query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid AND langcode = :langcode", [
':tid' => $tid,
':langcode' => $langcode,
])
->fetchField();
$iRoleTableResults = (int) $this->database
->query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid AND langcode = :langcode", [
':tid' => $tid,
':langcode' => $langcode,
])
->fetchField();
if ($iUserTableResults > 0 || $iRoleTableResults > 0) {
return TRUE;
}
}
public function handleNode(Node $node, string $langcode) : AccessResult {
$result = AccessResult::neutral();
if (!$this
->canUserAccessByNode($node, false, $langcode)) {
$this
->dispatchDeniedEvent($node
->id());
$result = AccessResult::forbidden();
}
return $result;
}
public function dispatchDeniedEventOnRestricedAccess(Node $node, string $langcode) : void {
if (!$this
->canUserAccessByNode($node, false, $langcode)) {
$this
->dispatchDeniedEvent($node
->id());
}
}
private function dispatchDeniedEvent($nodeId) : void {
$accessDeniedEvent = new PermissionsByTermDeniedEvent($nodeId);
$this->eventDispatcher
->dispatch(PermissionsByTermDeniedEvent::NAME, $accessDeniedEvent);
}
public function isAnyTaxonomyTermFieldDefinedInNodeType(string $nodeType) {
$fieldDefinitons = $this->entityFieldManager
->getFieldDefinitions('node', $nodeType);
foreach ($fieldDefinitons as $fieldDefiniton) {
if ($fieldDefiniton
->getType() === 'entity_reference' && is_numeric(strpos($fieldDefiniton
->getSetting('handler'), 'taxonomy_term'))) {
return TRUE;
}
}
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
AccessCheck:: |
protected | property | The database connection. | |
|
AccessCheck:: |
private | property | ||
|
AccessCheck:: |
private | property | 1 | |
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
private | function | ||
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
private | function | ||
|
AccessCheck:: |
public | function | ||
|
AccessCheck:: |
public | function | Constructs AccessCheck object. | 1 |