You are here

class EntityAccessHelper in Open Social 8.9

Same name and namespace in other branches
  1. 8 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  2. 8.2 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  3. 8.3 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  4. 8.4 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  5. 8.5 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  6. 8.6 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  7. 8.7 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  8. 8.8 modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  9. 10.3.x modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  10. 10.0.x modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  11. 10.1.x modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper
  12. 10.2.x modules/custom/entity_access_by_field/src/EntityAccessHelper.php \Drupal\entity_access_by_field\EntityAccessHelper

Helper class for checking entity access.

Hierarchy

Expanded class hierarchy of EntityAccessHelper

2 files declare their use of EntityAccessHelper
EntityAccessTest.php in modules/custom/entity_access_by_field/tests/src/Unit/EntityAccessTest.php
entity_access_by_field.module in modules/custom/entity_access_by_field/entity_access_by_field.module
Entity Access By Field module file.

File

modules/custom/entity_access_by_field/src/EntityAccessHelper.php, line 15

Namespace

Drupal\entity_access_by_field
View source
class EntityAccessHelper {

  /**
   * Array with values which need to be ignored.
   *
   * @todo Add group to ignored values (when outsider role is working).
   *
   * @return array
   *   An array containing a list of values to ignore.
   */
  public static function getIgnoredValues() {
    return [];
  }

  /**
   * NodeAccessCheck for given operation, node and user account.
   */
  public static function nodeAccessCheck(NodeInterface $node, $op, AccountInterface $account) {
    if ($op === 'view') {

      // Check published status.
      if (isset($node->status) && $node->status->value == NODE_NOT_PUBLISHED) {
        $unpublished_own = $account
          ->hasPermission('view own unpublished content');
        if ($node
          ->getOwnerId() !== $account
          ->id() || $node
          ->getOwnerId() === $account
          ->id() && !$unpublished_own) {
          return 1;
        }
      }
      $field_definitions = $node
        ->getFieldDefinitions();

      /* @var \Drupal\Core\Field\FieldConfigInterface $field_definition */
      foreach ($field_definitions as $field_name => $field_definition) {
        if ($field_definition
          ->getType() === 'entity_access_field') {
          $field_values = $node
            ->get($field_name)
            ->getValue();
          if (!empty($field_values)) {
            foreach ($field_values as $field_value) {
              if (isset($field_value['value'])) {
                if (in_array($field_value['value'], EntityAccessHelper::getIgnoredValues())) {
                  return 0;
                }
                $permission_label = $field_definition
                  ->id() . ':' . $field_value['value'];

                // When content is posted in a group and the account does not
                // have permission we return Access::ignore.
                if ($field_value['value'] === 'group') {

                  // Don't look no further.
                  if ($account
                    ->hasPermission('manage all groups')) {
                    return 0;
                  }
                  if (!$account
                    ->hasPermission('view ' . $permission_label . ' content')) {

                    // Lets verify if we are a member for flexible groups.
                    $groups = GroupContent::loadByEntity($node);
                    if (!empty($groups)) {
                      $group = reset($groups)
                        ->getGroup();
                      if ($group instanceof Group && !$group
                        ->getMember($account) && $group
                        ->getGroupType()
                        ->id() === 'flexible_group') {
                        return 1;
                      }
                    }
                    return 0;
                  }
                }
                if ($account
                  ->hasPermission('view ' . $permission_label . ' content')) {
                  return 2;
                }
                if ($account
                  ->id() !== 0 && $account
                  ->id() === $node
                  ->getOwnerId()) {
                  return 2;
                }
              }
            }
          }
          $access = FALSE;
        }
      }
      if (isset($access) && $access === FALSE) {
        return 1;
      }
    }
    return 0;
  }

  /**
   * Gets the Entity access for the given node.
   */
  public static function getEntityAccessResult(NodeInterface $node, $op, AccountInterface $account) {
    $access = EntityAccessHelper::nodeAccessCheck($node, $op, $account);
    $moduleHandler = \Drupal::service('module_handler');

    // If the social_event_invite module is enabled and a person got invited
    // then allow access to view the node.
    // Todo:: Come up with a better solution for this code.
    if ($moduleHandler
      ->moduleExists('social_event_invite')) {
      if ($op == 'view') {
        $conditions = [
          'field_account' => $account
            ->id(),
          'field_event' => $node
            ->id(),
        ];

        // Load the current Event enrollments so we can check duplicates.
        $storage = \Drupal::entityTypeManager()
          ->getStorage('event_enrollment');
        $enrollments = $storage
          ->loadByProperties($conditions);
        if ($enrollment = array_pop($enrollments)) {
          if ($enrollment->field_request_or_invite_status && (int) $enrollment->field_request_or_invite_status->value !== EventEnrollmentInterface::REQUEST_OR_INVITE_DECLINED && (int) $enrollment->field_request_or_invite_status->value !== EventEnrollmentInterface::INVITE_INVALID_OR_EXPIRED) {
            $access = 2;
          }
        }
      }
    }
    switch ($access) {
      case 2:
        return AccessResult::allowed()
          ->cachePerPermissions()
          ->addCacheableDependency($node);
      case 1:
        return AccessResult::forbidden();
    }
    return AccessResult::neutral();
  }

}

Members

Namesort descending Modifiers Type Description Overrides
EntityAccessHelper::getEntityAccessResult public static function Gets the Entity access for the given node.
EntityAccessHelper::getIgnoredValues public static function Array with values which need to be ignored.
EntityAccessHelper::nodeAccessCheck public static function NodeAccessCheck for given operation, node and user account.