annotate core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\comment\Plugin\EntityReferenceSelection;
Chris@0 4
Chris@0 5 use Drupal\Core\Database\Query\SelectInterface;
Chris@0 6 use Drupal\Core\Entity\Plugin\EntityReferenceSelection\DefaultSelection;
Chris@0 7 use Drupal\comment\CommentInterface;
Chris@0 8
Chris@0 9 /**
Chris@0 10 * Provides specific access control for the comment entity type.
Chris@0 11 *
Chris@0 12 * @EntityReferenceSelection(
Chris@0 13 * id = "default:comment",
Chris@0 14 * label = @Translation("Comment selection"),
Chris@0 15 * entity_types = {"comment"},
Chris@0 16 * group = "default",
Chris@0 17 * weight = 1
Chris@0 18 * )
Chris@0 19 */
Chris@0 20 class CommentSelection extends DefaultSelection {
Chris@0 21
Chris@0 22 /**
Chris@0 23 * {@inheritdoc}
Chris@0 24 */
Chris@0 25 protected function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
Chris@0 26 $query = parent::buildEntityQuery($match, $match_operator);
Chris@0 27
Chris@0 28 // Adding the 'comment_access' tag is sadly insufficient for comments:
Chris@0 29 // core requires us to also know about the concept of 'published' and
Chris@0 30 // 'unpublished'.
Chris@0 31 if (!$this->currentUser->hasPermission('administer comments')) {
Chris@0 32 $query->condition('status', CommentInterface::PUBLISHED);
Chris@0 33 }
Chris@0 34 return $query;
Chris@0 35 }
Chris@0 36
Chris@0 37 /**
Chris@0 38 * {@inheritdoc}
Chris@0 39 */
Chris@0 40 public function createNewEntity($entity_type_id, $bundle, $label, $uid) {
Chris@0 41 $comment = parent::createNewEntity($entity_type_id, $bundle, $label, $uid);
Chris@0 42
Chris@0 43 // In order to create a referenceable comment, it needs to published.
Chris@0 44 /** @var \Drupal\comment\CommentInterface $comment */
Chris@17 45 $comment->setPublished();
Chris@0 46
Chris@0 47 return $comment;
Chris@0 48 }
Chris@0 49
Chris@0 50 /**
Chris@0 51 * {@inheritdoc}
Chris@0 52 */
Chris@0 53 public function validateReferenceableNewEntities(array $entities) {
Chris@0 54 $entities = parent::validateReferenceableNewEntities($entities);
Chris@0 55 // Mirror the conditions checked in buildEntityQuery().
Chris@0 56 if (!$this->currentUser->hasPermission('administer comments')) {
Chris@0 57 $entities = array_filter($entities, function ($comment) {
Chris@0 58 /** @var \Drupal\comment\CommentInterface $comment */
Chris@0 59 return $comment->isPublished();
Chris@0 60 });
Chris@0 61 }
Chris@0 62 return $entities;
Chris@0 63 }
Chris@0 64
Chris@0 65 /**
Chris@0 66 * {@inheritdoc}
Chris@0 67 */
Chris@0 68 public function entityQueryAlter(SelectInterface $query) {
Chris@0 69 parent::entityQueryAlter($query);
Chris@0 70
Chris@0 71 $tables = $query->getTables();
Chris@0 72 $data_table = 'comment_field_data';
Chris@0 73 if (!isset($tables['comment_field_data']['alias'])) {
Chris@0 74 // If no conditions join against the comment data table, it should be
Chris@0 75 // joined manually to allow node access processing.
Chris@0 76 $query->innerJoin($data_table, NULL, "base_table.cid = $data_table.cid AND $data_table.default_langcode = 1");
Chris@0 77 }
Chris@0 78
Chris@0 79 // The Comment module doesn't implement any proper comment access,
Chris@0 80 // and as a consequence doesn't make sure that comments cannot be viewed
Chris@0 81 // when the user doesn't have access to the node.
Chris@0 82 $node_alias = $query->innerJoin('node_field_data', 'n', '%alias.nid = ' . $data_table . '.entity_id AND ' . $data_table . ".entity_type = 'node'");
Chris@0 83 // Pass the query to the node access control.
Chris@0 84 $this->reAlterQuery($query, 'node_access', $node_alias);
Chris@0 85
Chris@0 86 // Passing the query to node_query_node_access_alter() is sadly
Chris@0 87 // insufficient for nodes.
Chris@14 88 // @see \Drupal\node\Plugin\EntityReferenceSelection\NodeSelection::buildEntityQuery()
Chris@0 89 if (!$this->currentUser->hasPermission('bypass node access') && !count($this->moduleHandler->getImplementations('node_grants'))) {
Chris@0 90 $query->condition($node_alias . '.status', 1);
Chris@0 91 }
Chris@0 92 }
Chris@0 93
Chris@0 94 }