Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\node\Cache;
Chris@0: 
Chris@0: use Drupal\Core\Cache\CacheableMetadata;
Chris@0: use Drupal\Core\Cache\Context\CalculatedCacheContextInterface;
Chris@0: use Drupal\Core\Cache\Context\UserCacheContextBase;
Chris@0: 
Chris@0: /**
Chris@0:  * Defines the node access view cache context service.
Chris@0:  *
Chris@0:  * Cache context ID: 'user.node_grants' (to vary by all operations' grants).
Chris@0:  * Calculated cache context ID: 'user.node_grants:%operation', e.g.
Chris@0:  * 'user.node_grants:view' (to vary by the view operation's grants).
Chris@0:  *
Chris@0:  * This allows for node access grants-sensitive caching when listing nodes.
Chris@0:  *
Chris@0:  * @see node_query_node_access_alter()
Chris@0:  * @ingroup node_access
Chris@0:  */
Chris@0: class NodeAccessGrantsCacheContext extends UserCacheContextBase implements CalculatedCacheContextInterface {
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public static function getLabel() {
Chris@0:     return t("Content access view grants");
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function getContext($operation = NULL) {
Chris@0:     // If the current user either can bypass node access then we don't need to
Chris@0:     // determine the exact node grants for the current user.
Chris@0:     if ($this->user->hasPermission('bypass node access')) {
Chris@0:       return 'all';
Chris@0:     }
Chris@0: 
Chris@0:     // When no specific operation is specified, check the grants for all three
Chris@0:     // possible operations.
Chris@0:     if ($operation === NULL) {
Chris@0:       $result = [];
Chris@0:       foreach (['view', 'update', 'delete'] as $op) {
Chris@0:         $result[] = $this->checkNodeGrants($op);
Chris@0:       }
Chris@0:       return implode('-', $result);
Chris@0:     }
Chris@0:     else {
Chris@0:       return $this->checkNodeGrants($operation);
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Checks the node grants for the given operation.
Chris@0:    *
Chris@0:    * @param string $operation
Chris@0:    *   The operation to check the node grants for.
Chris@0:    *
Chris@0:    * @return string
Chris@0:    *   The string representation of the cache context.
Chris@0:    */
Chris@0:   protected function checkNodeGrants($operation) {
Chris@0:     // When checking the grants for the 'view' operation and the current user
Chris@0:     // has a global view grant (i.e. a view grant for node ID 0) — note that
Chris@0:     // this is automatically the case if no node access modules exist (no
Chris@0:     // hook_node_grants() implementations) then we don't need to determine the
Chris@0:     // exact node view grants for the current user.
Chris@0:     if ($operation === 'view' && node_access_view_all_nodes($this->user)) {
Chris@0:       return 'view.all';
Chris@0:     }
Chris@0: 
Chris@0:     $grants = node_access_grants($operation, $this->user);
Chris@0:     $grants_context_parts = [];
Chris@0:     foreach ($grants as $realm => $gids) {
Chris@0:       $grants_context_parts[] = $realm . ':' . implode(',', $gids);
Chris@0:     }
Chris@0:     return $operation . '.' . implode(';', $grants_context_parts);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public function getCacheableMetadata($operation = NULL) {
Chris@0:     $cacheable_metadata = new CacheableMetadata();
Chris@0: 
Chris@0:     if (!\Drupal::moduleHandler()->getImplementations('node_grants')) {
Chris@0:       return $cacheable_metadata;
Chris@0:     }
Chris@0: 
Chris@0:     // The node grants may change if the user is updated. (The max-age is set to
Chris@0:     // zero below, but sites may override this cache context, and change it to a
Chris@0:     // non-zero value. In such cases, this cache tag is needed for correctness.)
Chris@0:     $cacheable_metadata->setCacheTags(['user:' . $this->user->id()]);
Chris@0: 
Chris@0:     // If the site is using node grants, this cache context can not be
Chris@0:     // optimized.
Chris@0:     return $cacheable_metadata->setCacheMaxAge(0);
Chris@0:   }
Chris@0: 
Chris@0: }