function webform_access_webform_submission_query_access_alter in Webform 6.x
Same name and namespace in other branches
- 8.5 modules/webform_access/webform_access.module \webform_access_webform_submission_query_access_alter()
Implements hook_webform_submission_query_access_alter().
File
- modules/
webform_access/ webform_access.module, line 245 - Provides webform access controls for webform nodes.
Code
function webform_access_webform_submission_query_access_alter(AlterableInterface $query, array $webform_submission_tables) {
$account = $query
->getMetaData('account') ?: \Drupal::currentUser();
// Collect access group ids with 'view_any' or 'administer' permissions.
/** @var \Drupal\webform_access\WebformAccessGroupStorageInterface $access_group_storage */
$access_group_storage = \Drupal::entityTypeManager()
->getStorage('webform_access_group');
/** @var \Drupal\webform_access\WebformAccessGroupInterface $access_group */
$access_groups = $access_group_storage
->loadByEntities(NULL, NULL, $account);
$access_any_group_ids = [];
$access_own_group_ids = [];
foreach ($access_groups as $access_group) {
$access_group_permissions = $access_group
->get('permissions');
$access_group_permissions = array_combine($access_group_permissions, $access_group_permissions);
if (isset($access_group_permissions['view_any']) || isset($access_group_permissions['administer'])) {
$access_any_group_ids[] = $access_group
->id();
}
elseif (isset($access_group_permissions['view_own'])) {
$access_own_group_ids[] = $access_group
->id();
}
}
if ($access_any_group_ids) {
// Add access group entity type, entity id, and webform id to the query.
$result = \Drupal::database()
->select('webform_access_group_entity', 'ge')
->fields('ge', [
'entity_type',
'entity_id',
'webform_id',
])
->condition('group_id', $access_any_group_ids, 'IN')
->execute();
while ($record = $result
->fetchAssoc()) {
foreach ($webform_submission_tables as $table) {
/** @var \Drupal\Core\Database\Query\SelectInterface $query */
$condition = $query
->andConditionGroup();
$condition
->condition($table['alias'] . '.entity_type', $record['entity_type']);
$condition
->condition($table['alias'] . '.entity_id', (string) $record['entity_id']);
$condition
->condition($table['alias'] . '.webform_id', $record['webform_id']);
$table['condition']
->condition($condition);
}
}
}
if ($access_own_group_ids) {
// Add access group entity type, entity id, and webform id to the query.
$result = \Drupal::database()
->select('webform_access_group_entity', 'ge')
->fields('ge', [
'entity_type',
'entity_id',
'webform_id',
])
->condition('group_id', $access_own_group_ids, 'IN')
->execute();
while ($record = $result
->fetchAssoc()) {
foreach ($webform_submission_tables as $table) {
/** @var \Drupal\Core\Database\Query\SelectInterface $query */
$condition = $query
->andConditionGroup();
$condition
->condition($table['alias'] . '.uid', $account
->id());
$condition
->condition($table['alias'] . '.entity_type', $record['entity_type']);
$condition
->condition($table['alias'] . '.entity_id', (string) $record['entity_id']);
$condition
->condition($table['alias'] . '.webform_id', $record['webform_id']);
$table['condition']
->condition($condition);
}
}
}
}