Chris@0
|
1 <?php
|
Chris@0
|
2
|
Chris@0
|
3 namespace Drupal\node\Access;
|
Chris@0
|
4
|
Chris@0
|
5 use Drupal\Core\Access\AccessResult;
|
Chris@18
|
6 use Drupal\Core\Entity\EntityTypeManagerInterface;
|
Chris@0
|
7 use Drupal\Core\Routing\Access\AccessInterface;
|
Chris@0
|
8 use Drupal\Core\Session\AccountInterface;
|
Chris@0
|
9 use Drupal\node\NodeInterface;
|
Chris@0
|
10 use Symfony\Component\Routing\Route;
|
Chris@0
|
11
|
Chris@0
|
12 /**
|
Chris@0
|
13 * Provides an access checker for node revisions.
|
Chris@0
|
14 *
|
Chris@0
|
15 * @ingroup node_access
|
Chris@0
|
16 */
|
Chris@0
|
17 class NodeRevisionAccessCheck implements AccessInterface {
|
Chris@0
|
18
|
Chris@0
|
19 /**
|
Chris@0
|
20 * The node storage.
|
Chris@0
|
21 *
|
Chris@0
|
22 * @var \Drupal\node\NodeStorageInterface
|
Chris@0
|
23 */
|
Chris@0
|
24 protected $nodeStorage;
|
Chris@0
|
25
|
Chris@0
|
26 /**
|
Chris@0
|
27 * The node access control handler.
|
Chris@0
|
28 *
|
Chris@0
|
29 * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
|
Chris@0
|
30 */
|
Chris@0
|
31 protected $nodeAccess;
|
Chris@0
|
32
|
Chris@0
|
33 /**
|
Chris@0
|
34 * A static cache of access checks.
|
Chris@0
|
35 *
|
Chris@0
|
36 * @var array
|
Chris@0
|
37 */
|
Chris@0
|
38 protected $access = [];
|
Chris@0
|
39
|
Chris@0
|
40 /**
|
Chris@0
|
41 * Constructs a new NodeRevisionAccessCheck.
|
Chris@0
|
42 *
|
Chris@18
|
43 * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
|
Chris@18
|
44 * The entity type manager.
|
Chris@0
|
45 */
|
Chris@18
|
46 public function __construct(EntityTypeManagerInterface $entity_type_manager) {
|
Chris@18
|
47 $this->nodeStorage = $entity_type_manager->getStorage('node');
|
Chris@18
|
48 $this->nodeAccess = $entity_type_manager->getAccessControlHandler('node');
|
Chris@0
|
49 }
|
Chris@0
|
50
|
Chris@0
|
51 /**
|
Chris@0
|
52 * Checks routing access for the node revision.
|
Chris@0
|
53 *
|
Chris@0
|
54 * @param \Symfony\Component\Routing\Route $route
|
Chris@0
|
55 * The route to check against.
|
Chris@0
|
56 * @param \Drupal\Core\Session\AccountInterface $account
|
Chris@0
|
57 * The currently logged in account.
|
Chris@0
|
58 * @param int $node_revision
|
Chris@0
|
59 * (optional) The node revision ID. If not specified, but $node is, access
|
Chris@0
|
60 * is checked for that object's revision.
|
Chris@0
|
61 * @param \Drupal\node\NodeInterface $node
|
Chris@0
|
62 * (optional) A node object. Used for checking access to a node's default
|
Chris@0
|
63 * revision when $node_revision is unspecified. Ignored when $node_revision
|
Chris@0
|
64 * is specified. If neither $node_revision nor $node are specified, then
|
Chris@0
|
65 * access is denied.
|
Chris@0
|
66 *
|
Chris@0
|
67 * @return \Drupal\Core\Access\AccessResultInterface
|
Chris@0
|
68 * The access result.
|
Chris@0
|
69 */
|
Chris@0
|
70 public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) {
|
Chris@0
|
71 if ($node_revision) {
|
Chris@0
|
72 $node = $this->nodeStorage->loadRevision($node_revision);
|
Chris@0
|
73 }
|
Chris@0
|
74 $operation = $route->getRequirement('_access_node_revision');
|
Chris@0
|
75 return AccessResult::allowedIf($node && $this->checkAccess($node, $account, $operation))->cachePerPermissions()->addCacheableDependency($node);
|
Chris@0
|
76 }
|
Chris@0
|
77
|
Chris@0
|
78 /**
|
Chris@0
|
79 * Checks node revision access.
|
Chris@0
|
80 *
|
Chris@0
|
81 * @param \Drupal\node\NodeInterface $node
|
Chris@0
|
82 * The node to check.
|
Chris@0
|
83 * @param \Drupal\Core\Session\AccountInterface $account
|
Chris@0
|
84 * A user object representing the user for whom the operation is to be
|
Chris@0
|
85 * performed.
|
Chris@0
|
86 * @param string $op
|
Chris@0
|
87 * (optional) The specific operation being checked. Defaults to 'view.'
|
Chris@0
|
88 *
|
Chris@0
|
89 * @return bool
|
Chris@0
|
90 * TRUE if the operation may be performed, FALSE otherwise.
|
Chris@0
|
91 */
|
Chris@0
|
92 public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
|
Chris@0
|
93 $map = [
|
Chris@0
|
94 'view' => 'view all revisions',
|
Chris@0
|
95 'update' => 'revert all revisions',
|
Chris@0
|
96 'delete' => 'delete all revisions',
|
Chris@0
|
97 ];
|
Chris@0
|
98 $bundle = $node->bundle();
|
Chris@0
|
99 $type_map = [
|
Chris@0
|
100 'view' => "view $bundle revisions",
|
Chris@0
|
101 'update' => "revert $bundle revisions",
|
Chris@0
|
102 'delete' => "delete $bundle revisions",
|
Chris@0
|
103 ];
|
Chris@0
|
104
|
Chris@0
|
105 if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
|
Chris@0
|
106 // If there was no node to check against, or the $op was not one of the
|
Chris@0
|
107 // supported ones, we return access denied.
|
Chris@0
|
108 return FALSE;
|
Chris@0
|
109 }
|
Chris@0
|
110
|
Chris@0
|
111 // Statically cache access by revision ID, language code, user account ID,
|
Chris@0
|
112 // and operation.
|
Chris@0
|
113 $langcode = $node->language()->getId();
|
Chris@0
|
114 $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
|
Chris@0
|
115
|
Chris@0
|
116 if (!isset($this->access[$cid])) {
|
Chris@0
|
117 // Perform basic permission checks first.
|
Chris@0
|
118 if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
|
Chris@0
|
119 $this->access[$cid] = FALSE;
|
Chris@0
|
120 return FALSE;
|
Chris@0
|
121 }
|
Chris@18
|
122 // If the revisions checkbox is selected for the content type, display the
|
Chris@18
|
123 // revisions tab.
|
Chris@18
|
124 $bundle_entity_type = $node->getEntityType()->getBundleEntityType();
|
Chris@18
|
125 $bundle_entity = \Drupal::entityTypeManager()->getStorage($bundle_entity_type)->load($bundle);
|
Chris@18
|
126 if ($bundle_entity->shouldCreateNewRevision() && $op === 'view') {
|
Chris@0
|
127 $this->access[$cid] = TRUE;
|
Chris@0
|
128 }
|
Chris@0
|
129 else {
|
Chris@18
|
130 // There should be at least two revisions. If the vid of the given node
|
Chris@18
|
131 // and the vid of the default revision differ, then we already have two
|
Chris@18
|
132 // different revisions so there is no need for a separate database
|
Chris@18
|
133 // check. Also, if you try to revert to or delete the default revision,
|
Chris@18
|
134 // that's not good.
|
Chris@18
|
135 if ($node->isDefaultRevision() && ($this->nodeStorage->countDefaultLanguageRevisions($node) == 1 || $op === 'update' || $op === 'delete')) {
|
Chris@18
|
136 $this->access[$cid] = FALSE;
|
Chris@18
|
137 }
|
Chris@18
|
138 elseif ($account->hasPermission('administer nodes')) {
|
Chris@18
|
139 $this->access[$cid] = TRUE;
|
Chris@18
|
140 }
|
Chris@18
|
141 else {
|
Chris@18
|
142 // First check the access to the default revision and finally, if the
|
Chris@18
|
143 // node passed in is not the default revision then check access to
|
Chris@18
|
144 // that, too.
|
Chris@18
|
145 $this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $account));
|
Chris@18
|
146 }
|
Chris@0
|
147 }
|
Chris@0
|
148 }
|
Chris@0
|
149
|
Chris@0
|
150 return $this->access[$cid];
|
Chris@0
|
151 }
|
Chris@0
|
152
|
Chris@0
|
153 }
|