Chris@0: currentUser->hasPermission('administer comments')) { Chris@0: $query->condition('status', CommentInterface::PUBLISHED); Chris@0: } Chris@0: return $query; Chris@0: } Chris@0: Chris@0: /** Chris@0: * {@inheritdoc} Chris@0: */ Chris@0: public function createNewEntity($entity_type_id, $bundle, $label, $uid) { Chris@0: $comment = parent::createNewEntity($entity_type_id, $bundle, $label, $uid); Chris@0: Chris@0: // In order to create a referenceable comment, it needs to published. Chris@0: /** @var \Drupal\comment\CommentInterface $comment */ Chris@17: $comment->setPublished(); Chris@0: Chris@0: return $comment; Chris@0: } Chris@0: Chris@0: /** Chris@0: * {@inheritdoc} Chris@0: */ Chris@0: public function validateReferenceableNewEntities(array $entities) { Chris@0: $entities = parent::validateReferenceableNewEntities($entities); Chris@0: // Mirror the conditions checked in buildEntityQuery(). Chris@0: if (!$this->currentUser->hasPermission('administer comments')) { Chris@0: $entities = array_filter($entities, function ($comment) { Chris@0: /** @var \Drupal\comment\CommentInterface $comment */ Chris@0: return $comment->isPublished(); Chris@0: }); Chris@0: } Chris@0: return $entities; Chris@0: } Chris@0: Chris@0: /** Chris@0: * {@inheritdoc} Chris@0: */ Chris@0: public function entityQueryAlter(SelectInterface $query) { Chris@0: parent::entityQueryAlter($query); Chris@0: Chris@0: $tables = $query->getTables(); Chris@0: $data_table = 'comment_field_data'; Chris@0: if (!isset($tables['comment_field_data']['alias'])) { Chris@0: // If no conditions join against the comment data table, it should be Chris@0: // joined manually to allow node access processing. Chris@0: $query->innerJoin($data_table, NULL, "base_table.cid = $data_table.cid AND $data_table.default_langcode = 1"); Chris@0: } Chris@0: Chris@0: // The Comment module doesn't implement any proper comment access, Chris@0: // and as a consequence doesn't make sure that comments cannot be viewed Chris@0: // when the user doesn't have access to the node. Chris@0: $node_alias = $query->innerJoin('node_field_data', 'n', '%alias.nid = ' . $data_table . '.entity_id AND ' . $data_table . ".entity_type = 'node'"); Chris@0: // Pass the query to the node access control. Chris@0: $this->reAlterQuery($query, 'node_access', $node_alias); Chris@0: Chris@0: // Passing the query to node_query_node_access_alter() is sadly Chris@0: // insufficient for nodes. Chris@14: // @see \Drupal\node\Plugin\EntityReferenceSelection\NodeSelection::buildEntityQuery() Chris@0: if (!$this->currentUser->hasPermission('bypass node access') && !count($this->moduleHandler->getImplementations('node_grants'))) { Chris@0: $query->condition($node_alias . '.status', 1); Chris@0: } Chris@0: } Chris@0: Chris@0: }