annotate core/modules/node/src/Access/NodeRevisionAccessCheck.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents af1871eacc83
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\node\Access;
Chris@0 4
Chris@0 5 use Drupal\Core\Access\AccessResult;
Chris@18 6 use Drupal\Core\Entity\EntityTypeManagerInterface;
Chris@0 7 use Drupal\Core\Routing\Access\AccessInterface;
Chris@0 8 use Drupal\Core\Session\AccountInterface;
Chris@0 9 use Drupal\node\NodeInterface;
Chris@0 10 use Symfony\Component\Routing\Route;
Chris@0 11
Chris@0 12 /**
Chris@0 13 * Provides an access checker for node revisions.
Chris@0 14 *
Chris@0 15 * @ingroup node_access
Chris@0 16 */
Chris@0 17 class NodeRevisionAccessCheck implements AccessInterface {
Chris@0 18
Chris@0 19 /**
Chris@0 20 * The node storage.
Chris@0 21 *
Chris@0 22 * @var \Drupal\node\NodeStorageInterface
Chris@0 23 */
Chris@0 24 protected $nodeStorage;
Chris@0 25
Chris@0 26 /**
Chris@0 27 * The node access control handler.
Chris@0 28 *
Chris@0 29 * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
Chris@0 30 */
Chris@0 31 protected $nodeAccess;
Chris@0 32
Chris@0 33 /**
Chris@0 34 * A static cache of access checks.
Chris@0 35 *
Chris@0 36 * @var array
Chris@0 37 */
Chris@0 38 protected $access = [];
Chris@0 39
Chris@0 40 /**
Chris@0 41 * Constructs a new NodeRevisionAccessCheck.
Chris@0 42 *
Chris@18 43 * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
Chris@18 44 * The entity type manager.
Chris@0 45 */
Chris@18 46 public function __construct(EntityTypeManagerInterface $entity_type_manager) {
Chris@18 47 $this->nodeStorage = $entity_type_manager->getStorage('node');
Chris@18 48 $this->nodeAccess = $entity_type_manager->getAccessControlHandler('node');
Chris@0 49 }
Chris@0 50
Chris@0 51 /**
Chris@0 52 * Checks routing access for the node revision.
Chris@0 53 *
Chris@0 54 * @param \Symfony\Component\Routing\Route $route
Chris@0 55 * The route to check against.
Chris@0 56 * @param \Drupal\Core\Session\AccountInterface $account
Chris@0 57 * The currently logged in account.
Chris@0 58 * @param int $node_revision
Chris@0 59 * (optional) The node revision ID. If not specified, but $node is, access
Chris@0 60 * is checked for that object's revision.
Chris@0 61 * @param \Drupal\node\NodeInterface $node
Chris@0 62 * (optional) A node object. Used for checking access to a node's default
Chris@0 63 * revision when $node_revision is unspecified. Ignored when $node_revision
Chris@0 64 * is specified. If neither $node_revision nor $node are specified, then
Chris@0 65 * access is denied.
Chris@0 66 *
Chris@0 67 * @return \Drupal\Core\Access\AccessResultInterface
Chris@0 68 * The access result.
Chris@0 69 */
Chris@0 70 public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) {
Chris@0 71 if ($node_revision) {
Chris@0 72 $node = $this->nodeStorage->loadRevision($node_revision);
Chris@0 73 }
Chris@0 74 $operation = $route->getRequirement('_access_node_revision');
Chris@0 75 return AccessResult::allowedIf($node && $this->checkAccess($node, $account, $operation))->cachePerPermissions()->addCacheableDependency($node);
Chris@0 76 }
Chris@0 77
Chris@0 78 /**
Chris@0 79 * Checks node revision access.
Chris@0 80 *
Chris@0 81 * @param \Drupal\node\NodeInterface $node
Chris@0 82 * The node to check.
Chris@0 83 * @param \Drupal\Core\Session\AccountInterface $account
Chris@0 84 * A user object representing the user for whom the operation is to be
Chris@0 85 * performed.
Chris@0 86 * @param string $op
Chris@0 87 * (optional) The specific operation being checked. Defaults to 'view.'
Chris@0 88 *
Chris@0 89 * @return bool
Chris@0 90 * TRUE if the operation may be performed, FALSE otherwise.
Chris@0 91 */
Chris@0 92 public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
Chris@0 93 $map = [
Chris@0 94 'view' => 'view all revisions',
Chris@0 95 'update' => 'revert all revisions',
Chris@0 96 'delete' => 'delete all revisions',
Chris@0 97 ];
Chris@0 98 $bundle = $node->bundle();
Chris@0 99 $type_map = [
Chris@0 100 'view' => "view $bundle revisions",
Chris@0 101 'update' => "revert $bundle revisions",
Chris@0 102 'delete' => "delete $bundle revisions",
Chris@0 103 ];
Chris@0 104
Chris@0 105 if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
Chris@0 106 // If there was no node to check against, or the $op was not one of the
Chris@0 107 // supported ones, we return access denied.
Chris@0 108 return FALSE;
Chris@0 109 }
Chris@0 110
Chris@0 111 // Statically cache access by revision ID, language code, user account ID,
Chris@0 112 // and operation.
Chris@0 113 $langcode = $node->language()->getId();
Chris@0 114 $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
Chris@0 115
Chris@0 116 if (!isset($this->access[$cid])) {
Chris@0 117 // Perform basic permission checks first.
Chris@0 118 if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
Chris@0 119 $this->access[$cid] = FALSE;
Chris@0 120 return FALSE;
Chris@0 121 }
Chris@18 122 // If the revisions checkbox is selected for the content type, display the
Chris@18 123 // revisions tab.
Chris@18 124 $bundle_entity_type = $node->getEntityType()->getBundleEntityType();
Chris@18 125 $bundle_entity = \Drupal::entityTypeManager()->getStorage($bundle_entity_type)->load($bundle);
Chris@18 126 if ($bundle_entity->shouldCreateNewRevision() && $op === 'view') {
Chris@0 127 $this->access[$cid] = TRUE;
Chris@0 128 }
Chris@0 129 else {
Chris@18 130 // There should be at least two revisions. If the vid of the given node
Chris@18 131 // and the vid of the default revision differ, then we already have two
Chris@18 132 // different revisions so there is no need for a separate database
Chris@18 133 // check. Also, if you try to revert to or delete the default revision,
Chris@18 134 // that's not good.
Chris@18 135 if ($node->isDefaultRevision() && ($this->nodeStorage->countDefaultLanguageRevisions($node) == 1 || $op === 'update' || $op === 'delete')) {
Chris@18 136 $this->access[$cid] = FALSE;
Chris@18 137 }
Chris@18 138 elseif ($account->hasPermission('administer nodes')) {
Chris@18 139 $this->access[$cid] = TRUE;
Chris@18 140 }
Chris@18 141 else {
Chris@18 142 // First check the access to the default revision and finally, if the
Chris@18 143 // node passed in is not the default revision then check access to
Chris@18 144 // that, too.
Chris@18 145 $this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $account));
Chris@18 146 }
Chris@0 147 }
Chris@0 148 }
Chris@0 149
Chris@0 150 return $this->access[$cid];
Chris@0 151 }
Chris@0 152
Chris@0 153 }