You are here

class AccessStorage in Permissions by Term 8.2

Same name and namespace in other branches
  1. 8 src/Service/AccessStorage.php \Drupal\permissions_by_term\Service\AccessStorage

Class AccessStorage.

@package Drupal\permissions_by_term


Expanded class hierarchy of AccessStorage

5 files declare their use of AccessStorage
AccessCheckTest.php in tests/src/Kernel/AccessCheckTest.php
CreateFixtureNodesForTestingCommands.php in src/Commands/CreateFixtureNodesForTestingCommands.php
KernelEventListener.php in src/Listener/KernelEventListener.php
PBTKernelTestBase.php in tests/src/Kernel/PBTKernelTestBase.php
permissions_by_term.module in ./permissions_by_term.module
Allows access to terms in a vocabulary to be limited by user or role.
1 string reference to 'AccessStorage' in ./
1 service uses AccessStorage
permissions_by_term.access_storage in ./


src/Service/AccessStorage.php, line 21


View source
class AccessStorage {

   * The database connection.
   * @var Connection
  protected $database;

   * @var TermHandler
  protected $term;

   * @var string
  public const NODE_ACCESS_REALM = 'permissions_by_term';

   * @var AccessCheck
  protected $accessCheck;

   * @var KeyValueCache
  private $keyValueCache;

   * @var LoggerChannelInterface
  private $logger;

   * @var array
  private $grantsCache;
  public function __construct(Connection $database, TermHandler $term, AccessCheck $accessCheck, KeyValueCache $keyValueCache) {
    $this->database = $database;
    $this->term = $term;
    $this->accessCheck = $accessCheck;
    $this->keyValueCache = $keyValueCache;
    $this->grantsCache = [];

   * Gets submitted roles with granted access from form.
   * @return array
   *   An array with chosen roles.
  public function getSubmittedRolesGrantedAccess(FormStateInterface $form_state) {
    $aRoles = $form_state
    $aChosenRoles = [];
    foreach ($aRoles as $sRole) {
      if ($sRole !== 0) {
        $aChosenRoles[] = $sRole;
    return $aChosenRoles;

   * @param FormState $form_state
  public function checkIfUsersExists(FormState $form_state) {
    $sAllowedUsers = $form_state
    $aAllowedUsers = Tags::explode($sAllowedUsers);
    foreach ($aAllowedUsers as $sUserId) {
      $aUserId = \Drupal::entityQuery('user')
        ->condition('uid', $sUserId)
      if (empty($aUserId)) {
          ->setErrorByName('access][user', t('The user with ID %user_id does not exist.', [
          '%user_id' => $sUserId,

   * Get all term permissoins by user id.
   * @return array
   *   The list of terms for this user.
  public function getAllTermPermissionsByUserId($uid) {
    $query = $this->database
      ->select('permissions_by_term_user', 'pu')
      ->condition('uid', $uid);
      ->addExpression("CONCAT(tid, ' ', uid, ' ', langcode)");
    return $query

   * @param int $term_id
   * @return array
  public function getUserTermPermissionsByTid($term_id, $langcode) {
    return $this->database
      ->select('permissions_by_term_user', 'pu')
      ->condition('tid', $term_id)
      ->condition('langcode', $langcode)
      ->fields('pu', [

   * @param int   $uid
   * @param array $rids
   * @return array
  public function getPermittedTids($uid, $rids) {
    $permittedTids = $this->database
      ->select('permissions_by_term_user', 'pu')
      ->condition('uid', $uid)
      ->fields('pu', [
    foreach ($rids as $rid) {
      $permittedTidsByRid = $this->database
        ->select('permissions_by_term_role', 'pr')
        ->condition('rid', $rid)
        ->fields('pr', [
      $permittedTids = array_merge($permittedTidsByRid, $permittedTids);
    return array_unique($permittedTids);

   * @param array  $tids
   * @param string $langcode
   * @return array
  public function getUserTermPermissionsByTids($tids, $langcode) {
    $uids = [];
    foreach ($tids as $tid) {
      if (!empty($tmpUids = $this
        ->getUserTermPermissionsByTid($tid, $langcode))) {
        foreach ($tmpUids as $tmpUid) {
          $uids[] = $tmpUid;
    return $uids;

   * @param int $term_id
   * @param string $langcode
   * @return array
  public function getRoleTermPermissionsByTid($term_id, $langcode) {
    return $this->database
      ->select('permissions_by_term_role', 'pr')
      ->condition('tid', $term_id)
      ->condition('langcode', $langcode)
      ->fields('pr', [

   * @param array  $tids
   * @param string $langcode
   * @return array
  public function getRoleTermPermissionsByTids($tids, $langcode) {
    $rids = [];
    foreach ($tids as $tid) {
      $tmpRids = $this
        ->getRoleTermPermissionsByTid($tid, $langcode);
      if (!empty($tmpRids)) {
        foreach ($tmpRids as $tmpRid) {
          $rids[] = $tmpRid;
    return $rids;

   * @param string $sUsername
   * @return int
  public function getUserIdByName($sUsername) {
    return $this->database
      ->select('users_field_data', 'ufd')
      ->condition('name', $sUsername)
      ->fields('ufd', [

   * @param array $aUserNames
   * @return array
  public function getUserIdsByNames($aUserNames) {
    $aUserIds = [];
    foreach ($aUserNames as $userName) {
      $iUserId = $this
      $aUserIds[] = $iUserId['uid'];
    return $aUserIds;

   * @param int $term_id
   * @return array
  public function getAllowedUserIds($term_id, $langcode) {
    $query = $this->database
      ->select('permissions_by_term_user', 'p')
      ->fields('p', [
      ->condition('p.tid', $term_id)
      ->condition('p.langcode', $langcode);

    // fetchCol() returns all results, fetchAssoc() only "one" result.
    return $query

   * @param array $aUserIdsAccessRemove
   * @param int   $term_id
  public function deleteTermPermissionsByUserIds($aUserIdsAccessRemove, $term_id, $langcode) {
    foreach ($aUserIdsAccessRemove as $iUserId) {
        ->condition('uid', $iUserId, '=')
        ->condition('tid', $term_id, '=')
        ->condition('langcode', $langcode, '=')

   * @param array $aRoleIdsAccessRemove
   * @param int   $term_id
  public function deleteTermPermissionsByRoleIds($aRoleIdsAccessRemove, $term_id, $langcode) {
    foreach ($aRoleIdsAccessRemove as $sRoleId) {
        ->condition('rid', $sRoleId, '=')
        ->condition('tid', $term_id, '=')
        ->condition('langcode', $langcode, '=')

   * @param int $userId
  public function deleteAllTermPermissionsByUserId($userId) {
      ->condition('uid', $userId, '=')

   * Delete access storage when a term is removed.
   * @param int $term_id
   *   The term ID being deleted.
  public function deleteAllTermPermissionsByTid($term_id) {
      ->condition('tid', $term_id, '=')
      ->condition('tid', $term_id, '=')
  public function addTermPermissionsByUserIds(array $aUserIdsGrantedAccess, int $term_id, string $langcode = '') : void {
    $langcode = $langcode === '' ? \Drupal::languageManager()
      ->getId() : $langcode;
    foreach ($aUserIdsGrantedAccess as $iUserIdGrantedAccess) {
      $queryResult = $this->database
        ->query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid AND langcode = :langcode", [
        ':tid' => $term_id,
        ':uid' => $iUserIdGrantedAccess,
        ':langcode' => $langcode,
      if (empty($queryResult)) {
        ], [

   * @param array  $aRoleIdsGrantedAccess
   * @param int    $term_id
   * @param string $langcode
   * @throws \Exception
  public function addTermPermissionsByRoleIds($aRoleIdsGrantedAccess, $term_id, $langcode = '') {
    $langcode = $langcode === '' ? \Drupal::languageManager()
      ->getId() : $langcode;
    $roles = Role::loadMultiple();
    foreach ($roles as $role => $roleObj) {
      if ($roleObj
        ->hasPermission('bypass node access')) {
        $aRoleIdsGrantedAccess[] = $roleObj
    $aRoleIdsGrantedAccess = array_unique($aRoleIdsGrantedAccess);
    foreach ($aRoleIdsGrantedAccess as $sRoleIdGrantedAccess) {
      $queryResult = $this->database
        ->query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid = :rid AND langcode = :langcode", [
        ':tid' => $term_id,
        ':rid' => $sRoleIdGrantedAccess,
        ':langcode' => $langcode,
      if (empty($queryResult)) {
        ], [

   * Gets the user ids which have been submitted by form.
   * Users which will gain granted access to taxonomy terms.
   * @return array
   *   The user ids which have been submitted.
  public function getSubmittedUserIds($formState) {

    /* There's a $this->oFormState->getValues() method, but
     * it is loosing multiple form values. Don't know why.
     * So there're some custom lines on the $_REQUEST array. */
    $sRawUsers = $_REQUEST['access']['user'];
    if (empty($sRawUsers)) {
      return [];
    $aRawUsers = Tags::explode($sRawUsers);
    $aUserIds = [];
    if (!empty($aRawUsers)) {
      foreach ($aRawUsers as $sRawUser) {
        if (preg_match("/.+\\s\\(([^\\)]+)\\)/", $sRawUser, $matches)) {
          $aUserIds[] = $matches[1];
    return $aUserIds;

   * @param FormState $formState
   * @param int $term_id
   * @return array
   * @throws \Exception
  public function saveTermPermissions(FormStateInterface $formState, $term_id) {
    $langcode = \Drupal::languageManager()
    if (!empty($formState
      ->getValue('langcode'))) {
      $langcode = $formState
    $aExistingUserPermissions = $this
      ->getUserTermPermissionsByTid($term_id, $langcode);
    $aSubmittedUserIdsGrantedAccess = $this
    $aExistingRoleIdsGrantedAccess = $this
      ->getRoleTermPermissionsByTid($term_id, $langcode);
    $aSubmittedRolesGrantedAccess = $this
    $aRet = $this
      ->getPreparedDataForDatabaseQueries($aExistingUserPermissions, $aSubmittedUserIdsGrantedAccess, $aExistingRoleIdsGrantedAccess, $aSubmittedRolesGrantedAccess);
      ->deleteTermPermissionsByUserIds($aRet['UserIdPermissionsToRemove'], $term_id, $langcode);
      ->addTermPermissionsByUserIds($aRet['UserIdPermissionsToAdd'], $term_id, $langcode);
      ->deleteTermPermissionsByRoleIds($aRet['UserRolePermissionsToRemove'], $term_id, $langcode);
    if (!empty($aRet['aRoleIdPermissionsToAdd'])) {
        ->addTermPermissionsByRoleIds($aRet['aRoleIdPermissionsToAdd'], $term_id, $langcode);
    return $aRet;

   * Get array items to remove.
   * The array items which aren't in the new items array, but are in old items
   * array, will be returned.
   * @param array $aExistingItems
   *   The existing array items.
   * @param array|bool $aNewItems
   *   Either false if there're no new items or an array with items.
   * @return array
   *   The array items to remove.
  private function getArrayItemsToRemove($aExistingItems, $aNewItems) {
    $aRet = [];
    foreach ($aExistingItems as $existingItem) {
      if (!in_array($existingItem, $aNewItems)) {
        $aRet[] = $existingItem;
    return $aRet;

   * Get the array items to add.
   * The items in the new items array, which aren't in the existing items array,
   * will be returned.
   * @param array $aNewItems
   *   The new array items.
   * @param array $aExistingItems
   *   The existing array items.
   * @return array
   *   The items which needs to be added.
  private function getArrayItemsToAdd($aNewItems, $aExistingItems) {
    $aRet = [];
    foreach ($aNewItems as $newItem) {
      if (!in_array($newItem, $aExistingItems)) {
        $aRet[] = $newItem;
    return $aRet;

   * Prepares the data which has to be applied to the database.
   * @param array $aExistingUserPermissions
   *   The permissions for existing user.
   * @param array $aSubmittedUserIdsGrantedAccess
   *   The user ids which get access.
   * @param array $aExistingRoleIdsGrantedAccess
   *   The existing role ids.
   * @param array $aSubmittedRolesGrantedAccess
   *   The user roles which get access.
   * @return array
   *   User ID and role data.
  public function getPreparedDataForDatabaseQueries($aExistingUserPermissions, $aSubmittedUserIdsGrantedAccess, $aExistingRoleIdsGrantedAccess, $aSubmittedRolesGrantedAccess) {

    // Fill array with user ids to remove permission.
    $aRet['UserIdPermissionsToRemove'] = $this
      ->getArrayItemsToRemove($aExistingUserPermissions, $aSubmittedUserIdsGrantedAccess);

    // Fill array with user ids to add permission.
    $aRet['UserIdPermissionsToAdd'] = $this
      ->getArrayItemsToAdd($aSubmittedUserIdsGrantedAccess, $aExistingUserPermissions);

    // Fill array with user roles to remove permission.
    $aRet['UserRolePermissionsToRemove'] = $this
      ->getArrayItemsToRemove($aExistingRoleIdsGrantedAccess, $aSubmittedRolesGrantedAccess);

    // Fill array with user roles to add permission.
    $aRet['aRoleIdPermissionsToAdd'] = $this
      ->getArrayItemsToAdd($aSubmittedRolesGrantedAccess, $aExistingRoleIdsGrantedAccess);
    return $aRet;

   * The form value for allowed users as string to be shown to the user.
   * @param User[] $aAllowedUsers
   *   An array with the allowed users.
   * @return null|string
   *   Either null or the user name.
  public function getUserFormValue($aAllowedUsers) {
    $sUserInfos = '';
    if (!empty($aAllowedUsers)) {
      foreach ($aAllowedUsers as $oUser) {
        $iUid = (int) $oUser
        if ($iUid !== 0) {
          $sUsername = $oUser
        else {
          $sUsername = t('Anonymous User');
        $sUserInfos .= "{$sUsername} ({$iUid}), ";

      // Remove space and comma at the end of the string.
      $sUserInfos = substr($sUserInfos, 0, -2);
    return $sUserInfos;

   * Returns an array of term ids attached to the passed node id.
   * @param $nid
   *   Node id.
   * @return array
   *   Array of term ids
  public function getTidsByNid($nid) : array {
    $nidsToTidsPairs = [];
    if ($this->keyValueCache
      ->has()) {
      $nidsToTidsPairs = $this->keyValueCache
      if (!empty($nidsToTidsPairs[$nid])) {
        return $nidsToTidsPairs[$nid];
    $tidsForNid = $this->database
      ->fields('taxonomy_index', [
      ->condition('nid', $nid)
    if (!empty($tidsForNid)) {
      $nidsToTidsPairs[$nid] = $tidsForNid;
      return $tidsForNid;
    return [];

   * @return array
  public function getAllUids() {
    $nodes = \Drupal::entityQuery('user')
    return array_values($nodes);

   * @param $nid
   * @return array
  public function getNodeType($nid) {
    $query = $this->database
      ->select('node', 'n')
      ->fields('n', [
      ->condition('n.nid', $nid);
    return $query

   * @param $nid
   * @return array
  public function getLangCode($nid) {
    $query = $this->database
      ->select('node', 'n')
      ->fields('n', [
      ->condition('n.nid', $nid);
    return $query

   * @param AccountInterface $user
   * @return array
  public function getGids(AccountInterface $user) {
    $grants = null;
    if (!empty($this->grantsCache[$user
      ->id()])) {
      return $this->grantsCache[$user
    if (!empty($permittedNids = $this
      ->computePermittedTids($user))) {
      $query = $this->database
        ->select('node_access', 'na')
        ->fields('na', [
        ->condition('na.nid', $permittedNids, 'IN')
        ->condition('na.realm', self::NODE_ACCESS_REALM);
      $gids = $query
      foreach ($gids as $gid) {
        $grants[self::NODE_ACCESS_REALM][] = $gid;
      ->id()] = $grants;
    return $grants;
  private function computePermittedTids(AccountInterface $user) {
    $nidsWithNoTidRestriction = $this
    $nidsByTids = $this->term
      ->id(), $user
    if (\Drupal::config('permissions_by_term.settings')
      ->get('require_all_terms_granted')) {
      $permittedNids = [];
      foreach ($nidsByTids as $nid) {
        if ($this->accessCheck
          ->canUserAccessByNode(Node::load($nid), $user
          ->id(), $this
          ->getLangCode($nid))) {
          $permittedNids[] = $nid;
      $nidsByTids = $permittedNids;
    if (!empty($nidsByTids)) {
      return array_merge($this
        ->getUnrestrictedNids(), $nidsByTids);
    return $nidsWithNoTidRestriction;
  private function getUnrestrictedNids() {
    $tidsRestrictedUserQuery = $this->database
      ->select('permissions_by_term_user', 'u')
      ->fields('u', [
    $restrictedTids = $this->database
      ->select('permissions_by_term_role', 'r')
      ->fields('r', [
    if (empty($restrictedTids)) {
      return $this
    $restrictedNids = $this->database
      ->select('taxonomy_index', 't')
      ->fields('t', [
      ->condition('t.tid', $restrictedTids, 'IN')
    if (empty($restrictedNids)) {
      return $this
    $unrestrictedNids = $this->database
      ->select('taxonomy_index', 't')
      ->fields('t', [
      ->condition('t.nid', $restrictedNids, 'NOT IN')
    return $unrestrictedNids;

   * @return array
  public function getAllNids() {
    return $this->database
      ->select('node', 'n')
      ->fields('n', [

   * @param $uid
   * @return array
  public function getAllNidsUserCanAccess($uid) {
    $query = $this->database
      ->select('node_access', 'na')
      ->fields('na', [
      ->condition('na.realm', 'permissions_by_term__uid_' . $uid);
    return $query

   * @param $tid
   * @return array
  public function getNidsByTid($tid) {
    $query = $this->database
      ->select('taxonomy_index', 'ti')
      ->fields('ti', [
      ->condition('ti.tid', $tid);
    return $query



Namesort descending Modifiers Type Description Overrides
AccessStorage::$accessCheck protected property
AccessStorage::$database protected property The database connection.
AccessStorage::$grantsCache private property
AccessStorage::$keyValueCache private property
AccessStorage::$logger private property
AccessStorage::$term protected property
AccessStorage::addTermPermissionsByRoleIds public function
AccessStorage::addTermPermissionsByUserIds public function
AccessStorage::checkIfUsersExists public function
AccessStorage::computePermittedTids private function
AccessStorage::deleteAllTermPermissionsByTid public function Delete access storage when a term is removed.
AccessStorage::deleteAllTermPermissionsByUserId public function
AccessStorage::deleteTermPermissionsByRoleIds public function
AccessStorage::deleteTermPermissionsByUserIds public function
AccessStorage::getAllNids public function
AccessStorage::getAllNidsUserCanAccess public function
AccessStorage::getAllowedUserIds public function
AccessStorage::getAllTermPermissionsByUserId public function Get all term permissoins by user id.
AccessStorage::getAllUids public function
AccessStorage::getArrayItemsToAdd private function Get the array items to add.
AccessStorage::getArrayItemsToRemove private function Get array items to remove.
AccessStorage::getGids public function
AccessStorage::getLangCode public function
AccessStorage::getNidsByTid public function
AccessStorage::getNodeType public function
AccessStorage::getPermittedTids public function
AccessStorage::getPreparedDataForDatabaseQueries public function Prepares the data which has to be applied to the database.
AccessStorage::getRoleTermPermissionsByTid public function
AccessStorage::getRoleTermPermissionsByTids public function
AccessStorage::getSubmittedRolesGrantedAccess public function Gets submitted roles with granted access from form.
AccessStorage::getSubmittedUserIds public function Gets the user ids which have been submitted by form.
AccessStorage::getTidsByNid public function Returns an array of term ids attached to the passed node id.
AccessStorage::getUnrestrictedNids private function
AccessStorage::getUserFormValue public function The form value for allowed users as string to be shown to the user.
AccessStorage::getUserIdByName public function
AccessStorage::getUserIdsByNames public function
AccessStorage::getUserTermPermissionsByTid public function
AccessStorage::getUserTermPermissionsByTids public function
AccessStorage::NODE_ACCESS_REALM public constant
AccessStorage::saveTermPermissions public function
AccessStorage::__construct public function