Mercurial > hg > isophonics-drupal-site

comparison core/modules/node/src/Access/NodeRevisionAccessCheck.php @ 0:4c8ae668cc8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children af1871eacc83
comparison
equal deleted inserted replaced
-1:000000000000 0:4c8ae668cc8c
1 <?php
2
3 namespace Drupal\node\Access;
4
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Entity\EntityManagerInterface;
7 use Drupal\Core\Routing\Access\AccessInterface;
8 use Drupal\Core\Session\AccountInterface;
9 use Drupal\node\NodeInterface;
10 use Symfony\Component\Routing\Route;
11
12 /**
13 * Provides an access checker for node revisions.
14 *
15 * @ingroup node_access
16 */
17 class NodeRevisionAccessCheck implements AccessInterface {
18
19 /**
20 * The node storage.
21 *
22 * @var \Drupal\node\NodeStorageInterface
23 */
24 protected $nodeStorage;
25
26 /**
27 * The node access control handler.
28 *
29 * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
30 */
31 protected $nodeAccess;
32
33 /**
34 * A static cache of access checks.
35 *
36 * @var array
37 */
38 protected $access = [];
39
40 /**
41 * Constructs a new NodeRevisionAccessCheck.
42 *
43 * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager
44 * The entity manager.
45 */
46 public function __construct(EntityManagerInterface $entity_manager) {
47 $this->nodeStorage = $entity_manager->getStorage('node');
48 $this->nodeAccess = $entity_manager->getAccessControlHandler('node');
49 }
50
51 /**
52 * Checks routing access for the node revision.
53 *
54 * @param \Symfony\Component\Routing\Route $route
55 * The route to check against.
56 * @param \Drupal\Core\Session\AccountInterface $account
57 * The currently logged in account.
58 * @param int $node_revision
59 * (optional) The node revision ID. If not specified, but $node is, access
60 * is checked for that object's revision.
61 * @param \Drupal\node\NodeInterface $node
62 * (optional) A node object. Used for checking access to a node's default
63 * revision when $node_revision is unspecified. Ignored when $node_revision
64 * is specified. If neither $node_revision nor $node are specified, then
65 * access is denied.
66 *
67 * @return \Drupal\Core\Access\AccessResultInterface
68 * The access result.
69 */
70 public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) {
71 if ($node_revision) {
72 $node = $this->nodeStorage->loadRevision($node_revision);
73 }
74 $operation = $route->getRequirement('_access_node_revision');
75 return AccessResult::allowedIf($node && $this->checkAccess($node, $account, $operation))->cachePerPermissions()->addCacheableDependency($node);
76 }
77
78 /**
79 * Checks node revision access.
80 *
81 * @param \Drupal\node\NodeInterface $node
82 * The node to check.
83 * @param \Drupal\Core\Session\AccountInterface $account
84 * A user object representing the user for whom the operation is to be
85 * performed.
86 * @param string $op
87 * (optional) The specific operation being checked. Defaults to 'view.'
88 *
89 * @return bool
90 * TRUE if the operation may be performed, FALSE otherwise.
91 */
92 public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
93 $map = [
94 'view' => 'view all revisions',
95 'update' => 'revert all revisions',
96 'delete' => 'delete all revisions',
97 ];
98 $bundle = $node->bundle();
99 $type_map = [
100 'view' => "view $bundle revisions",
101 'update' => "revert $bundle revisions",
102 'delete' => "delete $bundle revisions",
103 ];
104
105 if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
106 // If there was no node to check against, or the $op was not one of the
107 // supported ones, we return access denied.
108 return FALSE;
109 }
110
111 // Statically cache access by revision ID, language code, user account ID,
112 // and operation.
113 $langcode = $node->language()->getId();
114 $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
115
116 if (!isset($this->access[$cid])) {
117 // Perform basic permission checks first.
118 if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
119 $this->access[$cid] = FALSE;
120 return FALSE;
121 }
122
123 // There should be at least two revisions. If the vid of the given node
124 // and the vid of the default revision differ, then we already have two
125 // different revisions so there is no need for a separate database check.
126 // Also, if you try to revert to or delete the default revision, that's
127 // not good.
128 if ($node->isDefaultRevision() && ($this->nodeStorage->countDefaultLanguageRevisions($node) == 1 || $op == 'update' || $op == 'delete')) {
129 $this->access[$cid] = FALSE;
130 }
131 elseif ($account->hasPermission('administer nodes')) {
132 $this->access[$cid] = TRUE;
133 }
134 else {
135 // First check the access to the default revision and finally, if the
136 // node passed in is not the default revision then access to that, too.
137 $this->access[$cid] = $this->nodeAccess->access($this->nodeStorage->load($node->id()), $op, $account) && ($node->isDefaultRevision() || $this->nodeAccess->access($node, $op, $account));
138 }
139 }
140
141 return $this->access[$cid];
142 }
143
144 }