|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\node;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Core\Session\AccountInterface;
|
|
Chris@0
|
6
|
|
Chris@0
|
7 /**
|
|
Chris@0
|
8 * Provides an interface for node access grant storage.
|
|
Chris@0
|
9 *
|
|
Chris@0
|
10 * @ingroup node_access
|
|
Chris@0
|
11 */
|
|
Chris@0
|
12 interface NodeGrantDatabaseStorageInterface {
|
|
Chris@0
|
13
|
|
Chris@0
|
14 /**
|
|
Chris@0
|
15 * Checks all grants for a given account.
|
|
Chris@0
|
16 *
|
|
Chris@0
|
17 * @param \Drupal\Core\Session\AccountInterface $account
|
|
Chris@0
|
18 * A user object representing the user for whom the operation is to be
|
|
Chris@0
|
19 * performed.
|
|
Chris@0
|
20 *
|
|
Chris@0
|
21 * @return int
|
|
Chris@0
|
22 * Status of the access check.
|
|
Chris@0
|
23 */
|
|
Chris@0
|
24 public function checkAll(AccountInterface $account);
|
|
Chris@0
|
25
|
|
Chris@0
|
26 /**
|
|
Chris@0
|
27 * Alters a query when node access is required.
|
|
Chris@0
|
28 *
|
|
Chris@0
|
29 * @param mixed $query
|
|
Chris@0
|
30 * Query that is being altered.
|
|
Chris@0
|
31 * @param array $tables
|
|
Chris@0
|
32 * A list of tables that need to be part of the alter.
|
|
Chris@0
|
33 * @param string $op
|
|
Chris@0
|
34 * The operation to be performed on the node. Possible values are:
|
|
Chris@0
|
35 * - "view"
|
|
Chris@0
|
36 * - "update"
|
|
Chris@0
|
37 * - "delete"
|
|
Chris@0
|
38 * - "create"
|
|
Chris@0
|
39 * @param \Drupal\Core\Session\AccountInterface $account
|
|
Chris@0
|
40 * A user object representing the user for whom the operation is to be
|
|
Chris@0
|
41 * performed.
|
|
Chris@0
|
42 * @param string $base_table
|
|
Chris@0
|
43 * The base table of the query.
|
|
Chris@0
|
44 *
|
|
Chris@0
|
45 * @return int
|
|
Chris@0
|
46 * Status of the access check.
|
|
Chris@0
|
47 */
|
|
Chris@0
|
48 public function alterQuery($query, array $tables, $op, AccountInterface $account, $base_table);
|
|
Chris@0
|
49
|
|
Chris@0
|
50 /**
|
|
Chris@0
|
51 * Writes a list of grants to the database, deleting previously saved ones.
|
|
Chris@0
|
52 *
|
|
Chris@0
|
53 * If a realm is provided, it will only delete grants from that realm, but
|
|
Chris@0
|
54 * it will always delete a grant from the 'all' realm. Modules that use
|
|
Chris@0
|
55 * node access can use this method when doing mass updates due to widespread
|
|
Chris@0
|
56 * permission changes.
|
|
Chris@0
|
57 *
|
|
Chris@0
|
58 * Note: Don't call this method directly from a contributed module. Call
|
|
Chris@0
|
59 * \Drupal\node\NodeAccessControlHandlerInterface::acquireGrants() instead.
|
|
Chris@0
|
60 *
|
|
Chris@0
|
61 * @param \Drupal\node\NodeInterface $node
|
|
Chris@0
|
62 * The node whose grants are being written.
|
|
Chris@0
|
63 * @param array $grants
|
|
Chris@0
|
64 * A list of grants to write. Each grant is an array that must contain the
|
|
Chris@0
|
65 * following keys: realm, gid, grant_view, grant_update, grant_delete.
|
|
Chris@0
|
66 * The realm is specified by a particular module; the gid is as well, and
|
|
Chris@0
|
67 * is a module-defined id to define grant privileges. each grant_* field
|
|
Chris@0
|
68 * is a boolean value.
|
|
Chris@0
|
69 * @param string $realm
|
|
Chris@0
|
70 * (optional) If provided, read/write grants for that realm only. Defaults to
|
|
Chris@0
|
71 * NULL.
|
|
Chris@0
|
72 * @param bool $delete
|
|
Chris@0
|
73 * (optional) If false, does not delete records. This is only for optimization
|
|
Chris@0
|
74 * purposes, and assumes the caller has already performed a mass delete of
|
|
Chris@0
|
75 * some form. Defaults to TRUE.
|
|
Chris@0
|
76 */
|
|
Chris@0
|
77 public function write(NodeInterface $node, array $grants, $realm = NULL, $delete = TRUE);
|
|
Chris@0
|
78
|
|
Chris@0
|
79 /**
|
|
Chris@0
|
80 * Deletes all node access entries.
|
|
Chris@0
|
81 */
|
|
Chris@0
|
82 public function delete();
|
|
Chris@0
|
83
|
|
Chris@0
|
84 /**
|
|
Chris@0
|
85 * Creates the default node access grant entry.
|
|
Chris@0
|
86 */
|
|
Chris@0
|
87 public function writeDefault();
|
|
Chris@0
|
88
|
|
Chris@0
|
89 /**
|
|
Chris@0
|
90 * Determines access to nodes based on node grants.
|
|
Chris@0
|
91 *
|
|
Chris@0
|
92 * @param \Drupal\node\NodeInterface $node
|
|
Chris@0
|
93 * The entity for which to check 'create' access.
|
|
Chris@0
|
94 * @param string $operation
|
|
Chris@0
|
95 * The entity operation. Usually one of 'view', 'edit', 'create' or
|
|
Chris@0
|
96 * 'delete'.
|
|
Chris@0
|
97 * @param \Drupal\Core\Session\AccountInterface $account
|
|
Chris@0
|
98 * The user for which to check access.
|
|
Chris@0
|
99 *
|
|
Chris@0
|
100 * @return \Drupal\Core\Access\AccessResultInterface
|
|
Chris@0
|
101 * The access result, either allowed or neutral. If there are no node
|
|
Chris@0
|
102 * grants, the default grant defined by writeDefault() is applied.
|
|
Chris@0
|
103 *
|
|
Chris@0
|
104 * @see hook_node_grants()
|
|
Chris@0
|
105 * @see hook_node_access_records()
|
|
Chris@0
|
106 * @see \Drupal\node\NodeGrantDatabaseStorageInterface::writeDefault()
|
|
Chris@0
|
107 */
|
|
Chris@0
|
108 public function access(NodeInterface $node, $operation, AccountInterface $account);
|
|
Chris@0
|
109
|
|
Chris@0
|
110 /**
|
|
Chris@0
|
111 * Counts available node grants.
|
|
Chris@0
|
112 *
|
|
Chris@0
|
113 * @return int
|
|
Chris@0
|
114 * Returns the amount of node grants.
|
|
Chris@0
|
115 */
|
|
Chris@0
|
116 public function count();
|
|
Chris@0
|
117
|
|
Chris@0
|
118 /**
|
|
Chris@0
|
119 * Remove the access records belonging to certain nodes.
|
|
Chris@0
|
120 *
|
|
Chris@0
|
121 * @param array $nids
|
|
Chris@0
|
122 * A list of node IDs. The grant records belonging to these nodes will be
|
|
Chris@0
|
123 * deleted.
|
|
Chris@0
|
124 */
|
|
Chris@0
|
125 public function deleteNodeRecords(array $nids);
|
|
Chris@0
|
126
|
|
Chris@0
|
127 }
|
