photos_access.module in Album Photos 8.4
Same filename and directory in other branches
Implementation of photos_access.module.
File
photos_access/photos_access.moduleView source
<?php
/**
* @file
* Implementation of photos_access.module.
*/
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Ajax\AjaxResponse;
use Drupal\Core\Ajax\CssCommand;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\StreamWrapper\PrivateStream;
use Drupal\Core\Url;
use Drupal\file\Entity\File;
use Drupal\node\NodeInterface;
use Drupal\photos\PhotosUpload;
use Symfony\Component\HttpFoundation\RedirectResponse;
/**
* Implements hook_help().
*/
function photos_access_help($route_name, RouteMatchInterface $route_match) {
switch ($route_name) {
case 'help.page.photos_access':
$output = '';
$output .= '<p>' . t('Advanced photo access and privacy settings.') . '</p>';
$output .= '<p>' . t('The Album Photos module comes with the Photo Access
sub-module that provides settings for each album including open, locked,
designated users, or password required.') . '</p>';
$output .= '<p>' . t('See the <a href="@project_page">project page on Drupal.org</a> for more details.', [
'@project_page' => 'https://www.drupal.org/project/photos',
]) . '</p>';
return $output;
}
}
/**
* Implements hook_form_BASE_FORM_ID_alter() for form_node.
*/
function photos_access_form_node_form_alter(&$form, FormStateInterface &$form_state, $form_id) {
// Get form node.
$node = $form_state
->getFormObject()
->getEntity();
if ($node && ($node_type = $node
->getType())) {
if (\Drupal::config('photos.settings')
->get('photos_access_' . $node_type)) {
$nid = $node
->id();
$form['privacy'] = [
'#type' => 'details',
'#title' => t('Privacy'),
'#open' => TRUE,
'#weight' => 1,
'#tree' => TRUE,
];
// Access record(s) id.
$form['privacy']['access_id'] = [
'#type' => 'value',
'#value' => isset($node->privacy['access_id']) ? $node->privacy['access_id'] : 0,
];
$form['privacy']['vid'] = [
'#type' => 'value',
'#value' => isset($node->privacy['vid']) ? $node->privacy['vid'] : 0,
];
$form['privacy']['eid'] = [
'#type' => 'value',
'#value' => isset($node->privacy['eid']) ? $node->privacy['eid'] : 0,
];
$old = [];
if ($nid) {
// Check collaborators and designated users.
if (!isset($node->privacy['access_id']) || !($photos_album_access_id = $node->privacy['access_id'])) {
$db = \Drupal::database();
$photos_album_access_id = $db
->query("SELECT id FROM {photos_access_album} WHERE nid = :nid", [
':nid' => $nid,
])
->fetchField();
}
if ($photos_album_access_id) {
$old['updateuser'] = _photos_access_userlist($photos_album_access_id, TRUE);
$old['viewuser'] = _photos_access_userlist($photos_album_access_id, FALSE);
}
}
$default_viewid = isset($node->privacy['viewid']) ? $node->privacy['viewid'] : 0;
$form['privacy']['viewid'] = [
'#type' => 'radios',
'#title' => t('Privacy'),
'#default_value' => $default_viewid,
'#options' => [
t('Open'),
t('Locked'),
t('Designated users'),
t('Password required'),
],
'#prefix' => '<div id="photos_access_privacy">',
'#suffix' => '</div>',
'#ajax' => [
'callback' => 'photos_access_privacy_form_ajax',
'event' => 'change',
'progress' => [
'type' => 'throbber',
'message' => NULL,
],
],
];
// Prep password field.
$classes = ' class="photos-access-password photos_access-hidden-field"';
if ($default_viewid == 3) {
$classes = ' class="photos-access-password"';
}
$form['privacy']['pass'] = [
'#type' => 'password',
'#title' => t('Password'),
'#default_value' => isset($node->privacy['pass']) ? $node->privacy['pass'] : '',
'#prefix' => '<div id="photos_access_password"' . $classes . '>',
'#suffix' => '</div>',
];
// Prep designated users field.
$classes = ' class="photos-access-view-users photos_access-hidden-field"';
if ($default_viewid == 2) {
$classes = ' class="photos-access-view-users"';
}
$userhelp = t('Separated by commas. eg: username1,username2,username3.');
$form['privacy']['viewuser'] = [
'#type' => 'entity_autocomplete',
'#title' => t('Designated users'),
'#description' => t('Add people who will have access to view this node.') . ' ' . (isset($old['viewuser']) ? t('@help The following users have access:', [
'@help' => $userhelp,
]) . ' ' : $userhelp),
'#target_type' => 'user',
'#tags' => TRUE,
'#default_value' => isset($node->privacy['viewuser']) && !is_array($node->privacy['viewuser']) ? $node->privacy['viewuser'] : NULL,
'#process_default_value' => FALSE,
'#prefix' => '<div id="photos_access_viewuser"' . $classes . '>',
'#suffix' => '</div>',
];
if (!empty($old['viewuser'])) {
foreach ($old['viewuser'] as $u) {
$form['privacy']['viewremove'][$u->uid] = [
'#type' => 'checkbox',
'#default_value' => isset($node->viewremove[$u->uid]) ? $node->viewremove[$u->uid] : '',
'#title' => t('Delete: @name', [
'@name' => $u->name,
]),
'#prefix' => '<div id="photos_access_remove"' . $classes . '>',
'#suffix' => '</div>',
];
}
}
$form['privacy']['updateuser'] = [
'#type' => 'entity_autocomplete',
'#title' => t('Add collaborators'),
'#target_type' => 'user',
'#tags' => TRUE,
'#default_value' => isset($node->privacy['updateuser']) && !is_array($node->privacy['updateuser']) ? $node->privacy['updateuser'] : NULL,
'#description' => t('Add people who will have the authority to edit this node.') . ' ' . (isset($old['updateuser']) ? t('@help collaboration users list:', [
'@help' => $userhelp,
]) . ' ' : $userhelp),
];
if (!empty($old['updateuser'])) {
// @todo add option to delete all collaborators.
foreach ($old['updateuser'] as $u) {
$form['privacy']['updateremove'][$u->uid] = [
'#type' => 'checkbox',
'#default_value' => isset($node->updateremove[$u->uid]) ? $node->updateremove[$u->uid] : '',
'#title' => t('Delete: @name', [
'@name' => $u->name,
]),
'#prefix' => '<div id="photos_access_updateremove" class="photos-access-update-remove">',
'#suffix' => '</div>',
];
}
}
$form['#attached']['library'][] = 'photos_access/photos_access.node.form';
// Make sure $node->privacy is available in node_insert and node_update.
$form['#entity_builders'][] = 'photos_access_node_builder';
// Validate password and users.
$form['#validate'][] = 'photos_access_node_validate';
}
if ($node_type == 'photos') {
// Move files if needed.
foreach (array_keys($form['actions']) as $action) {
if ($action != 'preview' && isset($form['actions'][$action]['#type']) && $form['actions'][$action]['#type'] === 'submit') {
$form['actions'][$action]['#submit'][] = 'photos_access_move_files_form_submit';
}
}
}
}
}
/**
* Update privacy form when radio selection changes.
*/
function photos_access_privacy_form_ajax(&$form, FormStateInterface $form_state) {
$privacy = $form_state
->getValue('privacy');
$response = new AjaxResponse();
$response
->addCommand(new CssCommand('#photos_access_viewuser', [
'display' => 'none',
]));
$response
->addCommand(new CssCommand('#photos_access_remove', [
'display' => 'none',
]));
$response
->addCommand(new CssCommand('#photos_access_password', [
'display' => 'none',
]));
if ($privacy['viewid'] == 2) {
// Users.
$response
->addCommand(new CssCommand('#photos_access_viewuser', [
'display' => 'block',
]));
$response
->addCommand(new CssCommand('#photos_access_remove', [
'display' => 'block',
]));
}
elseif ($privacy['viewid'] == 3) {
// Password.
$response
->addCommand(new CssCommand('#photos_access_password', [
'display' => 'block',
]));
}
return $response;
}
/**
* Form submission handler for private file management.
*
* @see photos_access_form_node_form_alter()
*/
function photos_access_move_files_form_submit(&$form, FormStateInterface $form_state) {
$node = $form_state
->getFormObject()
->getEntity();
// Check privacy settings.
$privacy = $form_state
->getValue('privacy');
$public = FALSE;
if (isset($privacy['viewid']) && $privacy['viewid'] == 0) {
// Gallery is open, move files to public.
$public = TRUE;
}
// Check for private file path.
if (PrivateStream::basePath()) {
// Move files if needed.
// @todo Batch API.
photos_access_move_files($node, $public);
}
else {
if (!$public) {
// Set warning message.
\Drupal::messenger()
->addWarning(t('Warning: image files can still
be accessed by visiting the direct URL. For better security, ask your
website admin to setup a private file path.'));
}
}
}
/**
* Move files from public to private and private to public as needed.
*/
function photos_access_move_files($node, $public = TRUE) {
$nid = $node
->id();
$db = \Drupal::database();
// Get user account.
$album_uid = $db
->query("SELECT uid FROM {node_field_data} WHERE nid = :nid", [
':nid' => $nid,
])
->fetchField();
$account = \Drupal::entityTypeManager()
->getStorage('user')
->load($album_uid);
// Query all files in album.
$results = $db
->query("SELECT fid FROM {photos_image} WHERE pid = :nid", [
':nid' => $nid,
]);
// Check file wrapper.
$default_scheme = \Drupal::config('system.file')
->get('default_scheme');
$private_scheme = 'private';
$file_wrapper = $private_scheme . '://';
$new_scheme = $private_scheme;
if ($public) {
// Move files to default filesystem.
$file_wrapper = $default_scheme . '://';
$new_scheme = $default_scheme;
}
$cache_tags = [];
$clear_private_styles = [];
foreach ($results as $result) {
$fid = $result->fid;
/** @var \Drupal\file\FileInterface $file */
$file = File::load($fid);
$uri = $file
->GetFileUri();
if (strstr($uri, $file_wrapper)) {
// File is already in correct place.
// @note continue (check all) or break (assume the rest are also the same)?
// - mixed private and public files could be in the same album if private
// - file path is setup after uploading some images.
continue;
}
// Prepare file directory.
PhotosUpload::path($new_scheme, $file, $account);
// Move file.
$old_file_wrapper = \Drupal::service('stream_wrapper_manager')
->getScheme($uri) . '://';
if ($old_file_wrapper != $file_wrapper) {
$new_uri = str_replace($old_file_wrapper, $file_wrapper, $uri);
file_move($file, $new_uri);
if ($new_scheme == 'public') {
$pathinfo = pathinfo($uri);
$ext = strtolower($pathinfo['extension']);
$clear_private_styles[] = 'image_' . $fid . '.' . $ext;
}
// Clear image page cache.
$cache_tags[] = 'photos:image:' . $fid;
}
}
// Check private image style settings.
$private_styles_setting = \Drupal::config('photos.settings')
->get('photos_private_file_styles');
if (!empty($clear_private_styles) && $private_styles_setting == 'automatic') {
// Delete private image styles.
$private_image_styles_path = $private_scheme . '://photos/tmp_images';
/** @var \Drupal\Core\File\FileSystemInterface $file_system */
$file_system = \Drupal::service('file_system');
foreach ($clear_private_styles as $basename) {
// Find all derivatives for this image.
$file_uris = $file_system
->scanDirectory($private_image_styles_path, '~\\b' . $basename . '\\b~');
foreach ($file_uris as $uri => $data) {
// Delete.
\Drupal::service('file_system')
->delete($uri);
}
}
}
// Clear album page cache.
$cache_tags[] = 'photos:album:' . $nid;
// Invalidate image page and album page cache as needed.
Cache::invalidateTags($cache_tags);
}
/**
* Entity form builder to add the book information to the node.
*
* @todo: Remove this in favor of an entity field.
*/
function photos_access_node_builder($entity_type, NodeInterface $entity, &$form, FormStateInterface $form_state) {
if (!$form_state
->isValueEmpty('privacy')) {
$entity->privacy = $form_state
->getValue('privacy');
}
}
/**
* Implements hook_ENTITY_TYPE_update().
*/
function photos_access_node_update(NodeInterface $node) {
if (\Drupal::config('photos.settings')
->get('photos_access_' . $node
->getType())) {
photos_access_update_access($node, $node->privacy);
}
}
/**
* Implements hook_ENTITY_TYPE_insert().
*/
function photos_access_node_insert(NodeInterface $node) {
if (\Drupal::config('photos.settings')
->get('photos_access_' . $node
->getType())) {
photos_access_update_access($node, $node->privacy);
}
}
/**
* Implements hook_ENTITY_TYPE_access().
*/
function photos_access_node_access(EntityInterface $entity, $operation, AccountInterface $account) {
if (\Drupal::config('photos.settings')
->get('photos_access_' . $entity
->getType())) {
// Check if album password is required.
photos_access_request_album_password();
}
// No opinion.
return AccessResult::neutral();
}
/**
* Album password check.
*/
function photos_access_request_album_password() {
$args = \Drupal::moduleHandler()
->invokeAll('photos_access');
if (is_array($args)) {
$current_path = \Drupal::service('path.current')
->getPath();
$path_args = explode('/', $current_path);
foreach ($args as $arg) {
if ($arg && isset($path_args[2])) {
if ($path_args[2]) {
if ($path_args[2] == 'album') {
$t = _photos_access_pass_type($path_args[3]);
}
else {
$t = _photos_access_pass_type($path_args[2]);
}
}
if (isset($t['view'])) {
if ($t['view']->viewid == 3) {
photos_access_pass_validate($t);
}
}
}
}
}
}
/**
* D7 - Implements hook_node_validate().
*
* @todo: Remove this in favor of entity field API.
*/
function photos_access_node_validate(&$form, FormStateInterface $form_state) {
// Old values.
// $node = $form_state->getFormObject()->getEntity();
// Check if users can be added to list.
$privacy = $form_state
->getValue('privacy');
$access_id = $privacy['access_id'];
if ($access_id) {
// @todo handle all of this on submit.
if (isset($privacy['updateuser']) && !empty($privacy['updateuser'])) {
if ($collaborators = _photos_access_user_validate($privacy['updateuser'], $access_id, TRUE)) {
$form_state
->setErrorByName('privacy][updateuser', $collaborators);
}
}
if (isset($privacy['viewid']) && $privacy['viewid'] == 2) {
if (isset($privacy['viewuser']) && !empty($privacy['viewuser'])) {
if ($designated = _photos_access_user_validate($privacy['viewuser'], $access_id)) {
$form_state
->setErrorByName('privacy][viewuser', $designated);
}
}
}
}
// Check if password is empty.
if (isset($privacy['viewid']) && $privacy['viewid'] == 3) {
if (isset($privacy['pass']) && empty($privacy['pass'])) {
// Check if current password is set.
$db = \Drupal::database();
$current_pass = $db
->query("SELECT pass FROM {photos_access_album} WHERE id = :id", [
':id' => $access_id,
])
->fetchField();
if (!$current_pass) {
$form_state
->setErrorByName('privacy][pass', t('Password required.'));
}
}
}
}
/**
* Validate user access to node.
*/
function _photos_access_user_validate($users, $access_id, $collaborate = FALSE) {
$user = \Drupal::currentUser();
// @todo handle all of this on submit.
$output = '';
foreach ($users as $target) {
$uid = $target['target_id'];
if ($uid != $user
->id()) {
$db = \Drupal::database();
$access_user = $db
->query("SELECT id FROM {photos_access_user} WHERE id = :id AND uid = :uid AND collaborate = :collaborate", [
':id' => $access_id,
':uid' => $uid,
':collaborate' => $collaborate ? 1 : 0,
])
->fetchField();
if ($access_user) {
// @todo get name.
$output = t('User is already on the list: @uid.', [
'@uid' => $uid,
]);
}
}
else {
$output = t("You do not need to add your self to this list.");
}
}
return $output;
}
/**
* Update access to album.
*/
function photos_access_update_access(NodeInterface $node, $privacy_settings) {
// @todo cleanup and simplify with access_id.
if (\Drupal::config('photos.settings')
->get('photos_access_' . $node
->getType())) {
if (!$privacy_settings['eid']) {
if ($privacy_settings['updateuser']) {
// Check if row already exists for this node.
$db = \Drupal::database();
$acc['updateid'] = $db
->query("SELECT id FROM {photos_access_album} WHERE nid = :nid", [
':nid' => $node
->id(),
])
->fetchField();
$privacy_settings['vid'] = $privacy_settings['eid'] = $acc['updateid'];
$db = \Drupal::database();
if ($acc['updateid']) {
// Update existing record.
$db
->update('photos_access_album')
->fields([
'viewid' => $privacy_settings['viewid'],
])
->condition('id', $acc['updateid'])
->execute();
}
else {
// Enter new record.
$acc['updateid'] = $db
->insert('photos_access_album')
->fields([
'nid' => $node
->id(),
'viewid' => $privacy_settings['viewid'],
])
->execute();
}
_photos_access_usersave($privacy_settings['updateuser'], $acc['updateid']);
}
}
else {
// Remove collaborators.
if (isset($privacy_settings['updateremove']) && !empty($privacy_settings['updateremove'])) {
_photos_access_usersdel($privacy_settings['updateremove'], $privacy_settings['eid']);
}
// Save collaborators.
if (isset($privacy_settings['updateuser']) && !empty($privacy_settings['updateuser'])) {
_photos_access_usersave($privacy_settings['updateuser'], $privacy_settings['eid']);
}
$acc['updateid'] = $privacy_settings['eid'];
}
if (!$privacy_settings['vid']) {
// Double check for existing photos_access_album record.
$db = \Drupal::database();
$privacy_settings['vid'] = $privacy_settings['eid'] = $db
->query("SELECT id FROM {photos_access_album} WHERE nid = :nid", [
':nid' => $node
->id(),
])
->fetchField();
}
if (!$privacy_settings['vid']) {
// Insert new record.
$db = \Drupal::database();
$acc['viewid'] = $db
->insert('photos_access_album')
->fields([
'nid' => $node
->id(),
'viewid' => isset($privacy_settings['viewid']) ? $privacy_settings['viewid'] : 0,
'pass' => isset($privacy_settings['pass']) && !empty($privacy_settings['pass']) ? md5($privacy_settings['pass']) : 0,
])
->execute();
if ($privacy_settings['viewid'] && $privacy_settings['viewuser']) {
_photos_access_usersave($privacy_settings['viewuser'], $acc['viewid'], FALSE);
}
}
else {
// Update existing record.
switch ($privacy_settings['viewid']) {
case 0:
case 1:
$db = \Drupal::database();
$db
->update('photos_access_album')
->fields([
':viewid' => $privacy_settings['viewid'],
])
->condition('id', $privacy_settings['vid'])
->execute();
// Delete designated users.
_photos_access_usersdel(0, $privacy_settings['vid'], 1);
break;
case 2:
$db = \Drupal::database();
$db
->update('photos_access_album')
->fields([
':viewid' => $privacy_settings['viewid'],
])
->condition('id', $privacy_settings['vid'])
->execute();
if ($privacy_settings['viewuser']) {
_photos_access_usersave($privacy_settings['viewuser'], $privacy_settings['vid'], FALSE);
}
if (isset($privacy_settings['viewremove'])) {
_photos_access_usersdel($privacy_settings['viewremove'], $privacy_settings['vid']);
}
break;
case 3:
// @todo add option to integrate aes module and encrypt passwords with that.
$db = \Drupal::database();
$old_pass = $db
->query("SELECT pass FROM {photos_access_album} WHERE id = :id", [
':id' => $privacy_settings['vid'],
])
->fetchField();
$pass = isset($privacy_settings['pass']) && !empty($privacy_settings['pass']) ? md5($privacy_settings['pass']) : $old_pass;
// Update password.
$db = \Drupal::database();
$query = $db
->update('photos_access_album');
$update_fields = [
'viewid' => $privacy_settings['viewid'],
];
if (!empty($pass) && $pass != $old_pass) {
$update_fields['pass'] = $pass;
}
$query
->fields($update_fields);
$query
->condition('id', $privacy_settings['vid']);
$query
->execute();
// Delete designated users.
_photos_access_usersdel(0, $privacy_settings['vid'], 1);
}
$acc['viewid'] = $privacy_settings['viewid'];
$acc['vid'] = $privacy_settings['vid'];
}
}
}
/**
* Implements hook_node_load().
*/
function photos_access_node_load($nodes) {
foreach ($nodes as $nid => $node) {
$db = \Drupal::database();
$result = $db
->query('SELECT * FROM {photos_access_album} WHERE nid = :nid', [
':nid' => $nid,
])
->fetchObject();
$info = [];
// @todo change privacy to photos_access to avoid potential conflict.
if ($result) {
// Node privacy settings.
$info['privacy'] = [];
// @todo replace vid and eid with access_id.
$info['privacy']['access_id'] = $result->id;
$info['privacy']['vid'] = $result->id;
$info['privacy']['eid'] = $result->id;
$info['privacy']['viewid'] = $result->viewid;
if ($result->viewid == 3) {
$info['privacy']['pass'] = $result->pass;
}
// Users who can collaborate.
$info['privacy']['updateuser'] = _photos_access_userlist($result->id, TRUE);
// Users who can view.
$info['privacy']['viewuser'] = _photos_access_userlist($result->id, FALSE);
$nodes[$nid]->privacy = $info['privacy'];
}
}
}
/**
* Implements hook_node_delete().
*/
function photos_access_node_delete(NodeInterface $node) {
$db = \Drupal::database();
$db
->delete('photos_access_album')
->condition('nid', $node
->id())
->execute();
if (isset($node->privacy['vid'])) {
$db
->delete('photos_access_user')
->condition('id', $node->privacy['vid'])
->execute();
}
if (isset($node->privacy['eid'])) {
$db
->delete('photos_access_user')
->condition('id', $node->privacy['eid'])
->execute();
}
}
/**
* Delete user from album access list.
*/
function _photos_access_usersdel($value, $id, $type = 0) {
$db = \Drupal::database();
if ($type) {
// Delete all designated users.
$db
->delete('photos_access_user')
->condition('id', $id)
->condition('collaborate', 0)
->execute();
}
elseif (is_array($value)) {
$count = count($value);
$i = 0;
foreach ($value as $key => $remove) {
if ($remove) {
++$i;
$db
->delete('photos_access_user')
->condition('id', $id)
->condition('uid', $key)
->execute();
}
}
if ($count == $i) {
return TRUE;
}
}
}
/**
* List of users who have access to album.
*/
function _photos_access_userlist($id, $collaborate = FALSE) {
$db = \Drupal::database();
$results = $db
->query('SELECT u.uid, u.name FROM {users_field_data} u
INNER JOIN {photos_access_user} a ON u.uid = a.uid
WHERE a.id = :id AND a.collaborate = :collaborate', [
':id' => $id,
':collaborate' => $collaborate ? 1 : 0,
]);
$users = [];
foreach ($results as $a) {
$u = new stdClass();
$u = $a;
$u->username = [
'#theme' => 'username',
'#account' => $a,
];
$users[] = $u;
}
return $users;
}
/**
* Save users to access album list.
*/
function _photos_access_usersave($value, $id, $collaborate = TRUE) {
$values = [];
foreach ($value as $target) {
$values[] = [
'id' => $id,
'uid' => $target['target_id'],
'collaborate' => $collaborate ? 1 : 0,
];
}
if (!empty($values)) {
// @todo check for duplicates?
// Insert users into photos access table.
$db = \Drupal::database();
$query = $db
->insert('photos_access_user')
->fields([
'id',
'uid',
'collaborate',
]);
foreach ($values as $record) {
$query
->values($record);
}
$query
->execute();
}
}
/**
* Implements hook_node_access_records().
*/
function photos_access_node_access_records(NodeInterface $node) {
if (\Drupal::config('photos.settings')
->get('photos_access_' . $node
->getType())) {
if (isset($node->privacy['vid'])) {
// @todo cleanup?
$acc['updateid'] = isset($node->privacy['eid']) ? $node->privacy['eid'] : 0;
$acc['viewid'] = isset($node->privacy['viewid']) ? $node->privacy['viewid'] : '';
$acc['vid'] = $node->privacy['vid'];
}
else {
$acc = isset($_SESSION['photos_access_ac_' . $node
->id()]) ? $_SESSION['photos_access_ac_' . $node
->id()] : '';
}
if (isset($acc['vid']) || isset($acc['updateid'])) {
// Author has full access to all albums they create.
$grants[] = [
'realm' => 'photos_access_author',
'gid' => $node
->getOwnerId(),
'grant_view' => 1,
'grant_update' => 1,
'grant_delete' => 1,
'priority' => 0,
];
// If viewid is 1:locked, only author can view it.
if ($acc['viewid'] != 1) {
// Open is 0.
$photos_access_gid = 0;
if ($acc['viewid'] != 0) {
// If not open use {node}.nid.
$photos_access_gid = $node
->id();
}
$grants[] = [
'realm' => 'photos_access',
'gid' => $photos_access_gid,
'grant_view' => 1,
'grant_update' => 0,
'grant_delete' => 0,
'priority' => 0,
];
}
// Access for collaborators.
if (isset($acc['updateid']) && !empty($acc['updateid'])) {
$grants[] = [
'realm' => 'photos_access_update',
'gid' => $node
->id(),
'grant_view' => 1,
'grant_update' => 1,
'grant_delete' => 0,
'priority' => 0,
];
}
return $grants;
}
if (isset($_SESSION['photos_access_ac_' . $node
->id()])) {
unset($_SESSION['photos_access_ac_' . $node
->id()]);
}
}
}
/**
* Implements hook_photos_access().
*/
function photos_access_photos_access() {
$current_path = \Drupal::service('path.current')
->getPath();
$path_args = explode('/', $current_path);
if (isset($path_args[2]) && $path_args[1] == 'node' && is_numeric($path_args[2])) {
return [
$path_args[2],
];
}
}
/**
* Implements hook_node_grants().
*/
function photos_access_node_grants(AccountInterface $account, $op) {
// Always grant access to view open albums.
$viewid = [
0,
];
// Set uid for author realm to access own albums.
$grants['photos_access_author'] = [
$account
->id(),
];
// Check for private albums that user has access to.
$db = \Drupal::database();
$result = $db
->query('SELECT a.*, b.* FROM {photos_access_album} a INNER JOIN {photos_access_user} b ON a.id = b.id WHERE b.uid = :uid', [
':uid' => $account
->id(),
]);
foreach ($result as $a) {
if ($a->collaborate) {
$updateid[] = $a->nid;
}
elseif ($a->viewid) {
$viewid[] = $a->nid;
}
}
// hook_photos_access()
// - Return array of nids to check for user access.
// - Only album nids that require password.
$args = \Drupal::moduleHandler()
->invokeAll('photos_access');
if (is_array($args)) {
foreach ($args as $arg) {
$result = $db
->query('SELECT id, nid, viewid, pass FROM {photos_access_album} WHERE nid = :nid', [
':nid' => $arg,
]);
foreach ($result as $a) {
// Password is required, check if password is set.
if ($a->viewid == 3 && isset($_SESSION[$a->nid . '_' . session_id()]) && $_SESSION[$a->nid . '_' . session_id()] == $a->pass) {
$viewid[] = $a->nid;
}
}
}
}
switch ($op) {
case 'view':
// Array of gid's for realm.
$grants['photos_access'] = $viewid;
if (isset($updateid[0])) {
$grants['photos_access_update'] = $updateid;
}
break;
case 'update':
if (isset($updateid[0])) {
$grants['photos_access_update'] = $updateid;
}
break;
}
return $grants;
}
/**
* Check validation type.
*/
function _photos_access_pass_type($id, $op = 0) {
$db = \Drupal::database();
if ($op) {
// photos.module.
$result = $db
->query('SELECT a.*, au.collaborate, n.uid, n.type, n.status FROM {photos_access_album} a
INNER JOIN {node_field_data} n ON a.nid = n.nid
INNER JOIN {photos_image} p ON a.nid = p.pid
LEFT JOIN {photos_access_user} au ON a.id = au.id
WHERE p.fid = :id', [
':id' => $id,
]);
}
else {
$result = $db
->query('SELECT a.*, au.collaborate, n.uid, n.type, n.status FROM {photos_access_album} a
INNER JOIN {node_field_data} n ON a.nid = n.nid
LEFT JOIN {photos_access_user} au ON a.id = au.id
WHERE a.nid = :id', [
':id' => $id,
]);
}
$t = [];
foreach ($result as $ac) {
if ($ac->viewid == 3) {
// Password authentication.
$t['view'] = $ac;
}
elseif ($ac->collaborate && $ac->pass) {
// Collaborate privileges.
$t['update'] = $ac;
}
else {
// Continue to node_access verification.
$t['node'] = $ac;
}
}
return $t;
}
/**
* Check password on node page.
*/
function photos_access_pass_validate($t) {
$user = \Drupal::currentUser();
// Check if admin or author.
if ($user
->id() == 1 || isset($t['view']->uid) && $t['view']->uid == $user
->id()) {
return TRUE;
}
if (isset($t['update']->pass)) {
// Check if collaborator.
$db = \Drupal::database();
$result = $db
->query('SELECT uid FROM {photos_access_user} WHERE id = :id', [
':id' => $t['update']->id,
]);
foreach ($result as $a) {
if ($a->uid == $user
->id()) {
return TRUE;
}
}
}
if ($t['view']->nid) {
if (isset($_SESSION[$t['view']->nid . '_' . session_id()])) {
// Check if password matches node password.
if ($_SESSION[$t['view']->nid . '_' . session_id()] == $t['view']->pass) {
return TRUE;
}
// If password is set, but does not match re enter password.
\Drupal::messenger()
->addMessage(t('Password has expired.'));
// Redirect.
$current_path = \Drupal::service('path.current')
->getPath();
$redirect_url = Url::fromUri('base:privacy/pass/' . $t['view']->nid, [
'query' => [
'destination' => $current_path,
],
])
->toString();
$response = new RedirectResponse($redirect_url);
$response
->send();
exit;
}
else {
// If password is not set, password is required.
\Drupal::messenger()
->addMessage(t('Password required.'));
// Redirect.
$current_path = \Drupal::service('path.current')
->getPath();
$redirect_url = Url::fromUri('base:privacy/pass/' . $t['view']->nid, [
'query' => [
'destination' => $current_path,
],
])
->toString();
$response = new RedirectResponse($redirect_url);
$response
->send();
exit;
}
}
}
/**
* Check if user account exists.
*/
function _photos_access_user($u) {
if (isset($u['name'])) {
$db = \Drupal::database();
$ac = $db
->query("SELECT uid, name FROM {users_field_data} WHERE name = :name", [
':name' => $u['name'],
])
->fetchObject();
}
elseif (isset($u['uid'])) {
$db = \Drupal::database();
$ac = $db
->query('SELECT uid, name FROM {users_field_data} WHERE uid = :uid', [
':uid' => $u['uid'],
])
->fetchObject();
}
if (isset($ac->uid)) {
return $ac;
}
}
/**
* Helper function to return options for views album privacy filter.
*/
function _photos_access_album_views_options() {
return [
0 => t('Open'),
1 => t('Locked'),
2 => t('Designated users'),
3 => t('Password required'),
];
}
/**
* Implements hook_views_data().
*/
function photos_access_views_data() {
$data = [];
$data['photos_access_album'] = [];
$data['photos_access_album']['table'] = [];
$data['photos_access_album']['table']['group'] = t('Photos');
$data['photos_access_album']['table']['provider'] = 'photos_access';
// Join node_field_data.
$data['photos_access_album']['table']['join'] = [
'node_field_data' => [
'left_field' => 'nid',
'field' => 'nid',
],
];
// Numeric field, exposed as a field, sort, filter, and argument.
$data['photos_access_album']['viewid'] = [
'title' => t('Privacy'),
'help' => t('Album privacy setting.'),
'field' => [
'id' => 'numeric',
],
'sort' => [
'id' => 'standard',
],
'filter' => [
'id' => 'in_operator',
'options callback' => '_photos_access_album_views_options',
],
'argument' => [
'id' => 'numeric',
],
];
return $data;
}Functions
Name |
Description |
|---|---|
| photos_access_form_node_form_alter | Implements hook_form_BASE_FORM_ID_alter() for form_node. |
| photos_access_help | Implements hook_help(). |
| photos_access_move_files | Move files from public to private and private to public as needed. |
| photos_access_move_files_form_submit | Form submission handler for private file management. |
| photos_access_node_access | Implements hook_ENTITY_TYPE_access(). |
| photos_access_node_access_records | Implements hook_node_access_records(). |
| photos_access_node_builder | Entity form builder to add the book information to the node. |
| photos_access_node_delete | Implements hook_node_delete(). |
| photos_access_node_grants | Implements hook_node_grants(). |
| photos_access_node_insert | Implements hook_ENTITY_TYPE_insert(). |
| photos_access_node_load | Implements hook_node_load(). |
| photos_access_node_update | Implements hook_ENTITY_TYPE_update(). |
| photos_access_node_validate | D7 - Implements hook_node_validate(). |
| photos_access_pass_validate | Check password on node page. |
| photos_access_photos_access | Implements hook_photos_access(). |
| photos_access_privacy_form_ajax | Update privacy form when radio selection changes. |
| photos_access_request_album_password | Album password check. |
| photos_access_update_access | Update access to album. |
| photos_access_views_data | Implements hook_views_data(). |
| _photos_access_album_views_options | Helper function to return options for views album privacy filter. |
| _photos_access_pass_type | Check validation type. |
| _photos_access_user | Check if user account exists. |
| _photos_access_userlist | List of users who have access to album. |
| _photos_access_usersave | Save users to access album list. |
| _photos_access_usersdel | Delete user from album access list. |
| _photos_access_user_validate | Validate user access to node. |