Chris@0: hasPermission('administer comments'); Chris@0: if ($operation == 'approve') { Chris@0: return AccessResult::allowedIf($comment_admin && !$entity->isPublished()) Chris@0: ->cachePerPermissions() Chris@0: ->addCacheableDependency($entity); Chris@0: } Chris@0: Chris@0: if ($comment_admin) { Chris@0: $access = AccessResult::allowed()->cachePerPermissions(); Chris@0: return ($operation != 'view') ? $access : $access->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE)); Chris@0: } Chris@0: Chris@0: switch ($operation) { Chris@0: case 'view': Chris@0: $access_result = AccessResult::allowedIf($account->hasPermission('access comments') && $entity->isPublished())->cachePerPermissions()->addCacheableDependency($entity) Chris@0: ->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE)); Chris@0: if (!$access_result->isAllowed()) { Chris@0: $access_result->setReason("The 'access comments' permission is required and the comment must be published."); Chris@0: } Chris@0: Chris@0: return $access_result; Chris@0: Chris@0: case 'update': Chris@17: $access_result = AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments')) Chris@17: ->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); Chris@17: if (!$access_result->isAllowed()) { Chris@17: $access_result->setReason("The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published."); Chris@17: } Chris@17: return $access_result; Chris@0: Chris@0: default: Chris@0: // No opinion. 
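return AccessResult::neutral()->cachePerPermissions();
    }
  }

  /**
   * {@inheritdoc}
   *
   * Creating a comment only needs the 'post comments' permission; the
   * context and bundle arguments are not consulted.
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'post comments');
  }

  /**
   * {@inheritdoc}
   *
   * Field-level rules applied before deferring to the parent handler:
   * - 'edit': administrative fields need 'administer comments'; read-only
   *   fields are always forbidden; create-only fields may be written only
   *   while the comment is new; the anonymous contact fields ('name', 'mail',
   *   'homepage') are open to administrators, and to anonymous posters on
   *   creation when the comment field allows anonymous contact details.
   * - 'view': 'hostname' is never visible and 'mail' is only visible with
   *   'administer comments'.
   * Any other combination falls through to the parent implementation.
   */
  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
    $field_name = $field_definition->getName();

    if ($operation === 'edit') {
      // Only users with the "administer comments" permission can edit
      // administrative fields.
      $administrative_fields = [
        'uid',
        'status',
        'created',
        'date',
      ];
      if (in_array($field_name, $administrative_fields, TRUE)) {
        return AccessResult::allowedIfHasPermission($account, 'administer comments');
      }

      // No user can change read-only fields.
      $read_only_fields = [
        'hostname',
        'changed',
        'cid',
        'thread',
      ];
      // These fields can be edited during comment creation only.
      $create_only_fields = [
        'comment_type',
        'uuid',
        'entity_id',
        'entity_type',
        'field_name',
        'pid',
      ];
      if ($items && ($entity = $items->getEntity()) && $entity->isNew() && in_array($field_name, $create_only_fields, TRUE)) {
        // A new comment is being created: create-only fields are writable by
        // anyone who may post comments.
        return AccessResult::allowedIfHasPermission($account, 'post comments')->addCacheableDependency($entity);
      }
      // Editing an existing comment (or no items to decide otherwise):
      // create-only fields are now read-only as well.
      if (in_array($field_name, [...$read_only_fields, ...$create_only_fields], TRUE)) {
        return AccessResult::forbidden();
      }

      // If the field is configured to accept anonymous contact details,
      // admins can edit name, homepage and mail. Anonymous users can also
      // fill in these fields on comment creation.
      if (in_array($field_name, ['name', 'mail', 'homepage'], TRUE)) {
        if (!$items) {
          // Without items we cannot determine the Comment entity and so
          // cannot decide; err on the side of caution and deny edit access.
          return AccessResult::forbidden();
        }
        $is_name = $field_name === 'name';
        /** @var \Drupal\comment\CommentInterface $entity */
        $entity = $items->getEntity();
        $commented_entity = $entity->getCommentedEntity();
        if (!$commented_entity) {
          // The anonymous-contact setting lives on the host entity's comment
          // field; if the host entity is unavailable, deny rather than guess.
          return AccessResult::forbidden()->addCacheableDependency($entity);
        }
        $anonymous_contact = $commented_entity->get($entity->getFieldName())->getFieldDefinition()->getSetting('anonymous');
        $admin_access = AccessResult::allowedIfHasPermission($account, 'administer comments');
        // The 'name' field stays editable for anonymous posters even when the
        // field disallows contact details, because it carries the display
        // name rather than contact information.
        $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && ($anonymous_contact != CommentInterface::ANONYMOUS_MAYNOT_CONTACT || $is_name) && $account->hasPermission('post comments'))
          ->cachePerPermissions()
          ->addCacheableDependency($entity)
          ->addCacheableDependency($field_definition->getConfig($commented_entity->bundle()))
          ->addCacheableDependency($commented_entity);
        return $admin_access->orIf($anonymous_access);
      }
    }

    if ($operation === 'view') {
      // Nobody has access to the hostname.
      if ($field_name === 'hostname') {
        return AccessResult::forbidden();
      }
      // The mail field is hidden from non-admins.
      if ($field_name === 'mail') {
        return AccessResult::allowedIfHasPermission($account, 'administer comments');
      }
    }
    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
  }

}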