You are here

function private_content_node_access in Private 8.2

Implements hook_node_access().

File

./private_content.module, line 161
A tremendously simple access control module -- it allows users to mark individual nodes as private; users with 'access private content' perms can read these nodes, while others cannot.

Code

function private_content_node_access(NodeInterface $node, $op, AccountInterface $account) {

  // Apply restrictions on private nodes, except for the owner.
  $owner = !$account
    ->isAnonymous() && $node
    ->getOwnerId() == $account
    ->id();
  if (!$owner && private_content_get_value($node)) {
    if ($op == 'update' || $op == 'delete') {
      if (!$account
        ->hasPermission('edit private content')) {

        // Missing access for write.
        return AccessResult::forbidden()
          ->cachePerPermissions()
          ->cachePerUser()
          ->addCacheableDependency($node);
      }
    }
    elseif ($op == 'view') {
      if (!$account
        ->hasPermission('access private content')) {

        // Missing access for view.
        return AccessResult::forbidden()
          ->cachePerPermissions()
          ->cachePerUser()
          ->addCacheableDependency($node);
      }
    }
  }

  // Otherwise, fall back to the pre-existing access rules in core/modules.
  // Note that this module never grants extra access, it only removes it.
  return AccessResult::neutral();
}