Chris@0: 0, Chris@0: * 'gid' => 888, Chris@0: * 'realm' => 'example_realm', Chris@0: * 'grant_view' => 1, Chris@0: * 'grant_update' => 0, Chris@0: * 'grant_delete' => 0, Chris@0: * ); Chris@18: * \Drupal::database()->insert('node_access')->fields($record)->execute(); Chris@0: * @endcode Chris@0: * And then in its hook_node_grants() implementation, it would need to return: Chris@0: * @code Chris@0: * if ($op == 'view') { Chris@0: * $grants['example_realm'] = array(888); Chris@0: * } Chris@0: * @endcode Chris@0: * If you decide to do this, be aware that the node_access_rebuild() function Chris@0: * will erase any node ID 0 entry when it is called, so you will need to make Chris@0: * sure to restore your {node_access} record after node_access_rebuild() is Chris@0: * called. Chris@0: * Chris@0: * For a detailed example, see node_access_example.module. Chris@0: * Chris@0: * @param \Drupal\Core\Session\AccountInterface $account Chris@0: * The account object whose grants are requested. Chris@0: * @param string $op Chris@0: * The node operation to be performed, such as 'view', 'update', or 'delete'. Chris@0: * Chris@0: * @return array Chris@0: * An array whose keys are "realms" of grants, and whose values are arrays of Chris@0: * the grant IDs within this realm that this user is being granted. Chris@0: * Chris@0: * @see node_access_view_all_nodes() Chris@0: * @see node_access_rebuild() Chris@0: * @ingroup node_access Chris@0: */ Chris@0: function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) { Chris@0: if ($account->hasPermission('access private content')) { Chris@0: $grants['example'] = [1]; Chris@0: } Chris@0: if ($account->id()) { Chris@0: $grants['example_author'] = [$account->id()]; Chris@0: } Chris@0: return $grants; Chris@0: } Chris@0: Chris@0: /** Chris@0: * Set permissions for a node to be written to the database. Chris@0: * Chris@0: * When a node is saved, a module implementing hook_node_access_records() will Chris@0: * be asked if it is interested in the access permissions for a node. If it is Chris@0: * interested, it must respond with an array of permissions arrays for that Chris@0: * node. Chris@0: * Chris@0: * Node access grants apply regardless of the published or unpublished status Chris@0: * of the node. Implementations must make sure not to grant access to Chris@0: * unpublished nodes if they don't want to change the standard access control Chris@0: * behavior. Your module may need to create a separate access realm to handle Chris@0: * access to unpublished nodes. Chris@0: * Chris@0: * Note that the grant values in the return value from your hook must be Chris@0: * integers and not boolean TRUE and FALSE. Chris@0: * Chris@0: * Each permissions item in the array is an array with the following elements: Chris@0: * - 'realm': The name of a realm that the module has defined in Chris@0: * hook_node_grants(). Chris@0: * - 'gid': A 'grant ID' from hook_node_grants(). Chris@0: * - 'grant_view': If set to 1 a user that has been identified as a member Chris@0: * of this gid within this realm can view this node. This should usually be Chris@0: * set to $node->isPublished(). Failure to do so may expose unpublished content Chris@0: * to some users. Chris@0: * - 'grant_update': If set to 1 a user that has been identified as a member Chris@0: * of this gid within this realm can edit this node. Chris@0: * - 'grant_delete': If set to 1 a user that has been identified as a member Chris@0: * of this gid within this realm can delete this node. Chris@0: * - langcode: (optional) The language code of a specific translation of the Chris@0: * node, if any. Modules may add this key to grant different access to Chris@0: * different translations of a node, such that (e.g.) a particular group is Chris@0: * granted access to edit the Catalan version of the node, but not the Chris@0: * Hungarian version. If no value is provided, the langcode is set Chris@0: * automatically from the $node parameter and the node's original language (if Chris@0: * specified) is used as a fallback. Only specify multiple grant records with Chris@0: * different languages for a node if the site has those languages configured. Chris@0: * Chris@0: * A "deny all" grant may be used to deny all access to a particular node or Chris@0: * node translation: Chris@0: * @code Chris@0: * $grants[] = array( Chris@0: * 'realm' => 'all', Chris@0: * 'gid' => 0, Chris@0: * 'grant_view' => 0, Chris@0: * 'grant_update' => 0, Chris@0: * 'grant_delete' => 0, Chris@0: * 'langcode' => 'ca', Chris@0: * ); Chris@0: * @endcode Chris@0: * Note that another module node access module could override this by granting Chris@0: * access to one or more nodes, since grants are additive. To enforce that Chris@0: * access is denied in a particular case, use hook_node_access_records_alter(). Chris@0: * Also note that a deny all is not written to the database; denies are Chris@0: * implicit. Chris@0: * Chris@0: * @param \Drupal\node\NodeInterface $node Chris@0: * The node that has just been saved. Chris@0: * Chris@0: * @return Chris@0: * An array of grants as defined above. Chris@0: * Chris@0: * @see hook_node_access_records_alter() Chris@0: * @ingroup node_access Chris@0: */ Chris@0: function hook_node_access_records(\Drupal\node\NodeInterface $node) { Chris@0: // We only care about the node if it has been marked private. If not, it is Chris@0: // treated just like any other node and we completely ignore it. Chris@0: if ($node->private->value) { Chris@0: $grants = []; Chris@0: // Only published Catalan translations of private nodes should be viewable Chris@0: // to all users. If we fail to check $node->isPublished(), all users would be able Chris@0: // to view an unpublished node. Chris@0: if ($node->isPublished()) { Chris@0: $grants[] = [ Chris@0: 'realm' => 'example', Chris@0: 'gid' => 1, Chris@0: 'grant_view' => 1, Chris@0: 'grant_update' => 0, Chris@0: 'grant_delete' => 0, Chris@17: 'langcode' => 'ca', Chris@0: ]; Chris@0: } Chris@0: // For the example_author array, the GID is equivalent to a UID, which Chris@0: // means there are many groups of just 1 user. Chris@0: // Note that an author can always view his or her nodes, even if they Chris@0: // have status unpublished. Chris@0: if ($node->getOwnerId()) { Chris@0: $grants[] = [ Chris@0: 'realm' => 'example_author', Chris@0: 'gid' => $node->getOwnerId(), Chris@0: 'grant_view' => 1, Chris@0: 'grant_update' => 1, Chris@0: 'grant_delete' => 1, Chris@17: 'langcode' => 'ca', Chris@0: ]; Chris@0: } Chris@0: Chris@0: return $grants; Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Alter permissions for a node before it is written to the database. Chris@0: * Chris@0: * Node access modules establish rules for user access to content. Node access Chris@0: * records are stored in the {node_access} table and define which permissions Chris@0: * are required to access a node. This hook is invoked after node access modules Chris@0: * returned their requirements via hook_node_access_records(); doing so allows Chris@0: * modules to modify the $grants array by reference before it is stored, so Chris@0: * custom or advanced business logic can be applied. Chris@0: * Chris@0: * Upon viewing, editing or deleting a node, hook_node_grants() builds a Chris@0: * permissions array that is compared against the stored access records. The Chris@0: * user must have one or more matching permissions in order to complete the Chris@0: * requested operation. Chris@0: * Chris@0: * A module may deny all access to a node by setting $grants to an empty array. Chris@0: * Chris@0: * The preferred use of this hook is in a module that bridges multiple node Chris@0: * access modules with a configurable behavior, as shown in the example with the Chris@0: * 'is_preview' field. Chris@0: * Chris@0: * @param array $grants Chris@0: * The $grants array returned by hook_node_access_records(). Chris@0: * @param \Drupal\node\NodeInterface $node Chris@0: * The node for which the grants were acquired. Chris@0: * Chris@0: * @see hook_node_access_records() Chris@0: * @see hook_node_grants() Chris@0: * @see hook_node_grants_alter() Chris@0: * @ingroup node_access Chris@0: */ Chris@0: function hook_node_access_records_alter(&$grants, Drupal\node\NodeInterface $node) { Chris@0: // Our module allows editors to mark specific articles with the 'is_preview' Chris@0: // field. If the node being saved has a TRUE value for that field, then only Chris@0: // our grants are retained, and other grants are removed. Doing so ensures Chris@0: // that our rules are enforced no matter what priority other grants are given. Chris@0: if ($node->is_preview) { Chris@0: // Our module grants are set in $grants['example']. Chris@0: $temp = $grants['example']; Chris@0: // Now remove all module grants but our own. Chris@0: $grants = ['example' => $temp]; Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Alter user access rules when trying to view, edit or delete a node. Chris@0: * Chris@0: * Node access modules establish rules for user access to content. Chris@0: * hook_node_grants() defines permissions for a user to view, edit or delete Chris@0: * nodes by building a $grants array that indicates the permissions assigned to Chris@0: * the user by each node access module. This hook is called to allow modules to Chris@0: * modify the $grants array by reference, so the interaction of multiple node Chris@0: * access modules can be altered or advanced business logic can be applied. Chris@0: * Chris@0: * The resulting grants are then checked against the records stored in the Chris@0: * {node_access} table to determine if the operation may be completed. Chris@0: * Chris@0: * A module may deny all access to a user by setting $grants to an empty array. Chris@0: * Chris@0: * Developers may use this hook to either add additional grants to a user or to Chris@0: * remove existing grants. These rules are typically based on either the Chris@0: * permissions assigned to a user role, or specific attributes of a user Chris@0: * account. Chris@0: * Chris@0: * @param array $grants Chris@0: * The $grants array returned by hook_node_grants(). Chris@0: * @param \Drupal\Core\Session\AccountInterface $account Chris@0: * The account requesting access to content. Chris@0: * @param string $op Chris@0: * The operation being performed, 'view', 'update' or 'delete'. Chris@0: * Chris@0: * @see hook_node_grants() Chris@0: * @see hook_node_access_records() Chris@0: * @see hook_node_access_records_alter() Chris@0: * @ingroup node_access Chris@0: */ Chris@0: function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface $account, $op) { Chris@0: // Our sample module never allows certain roles to edit or delete Chris@0: // content. Since some other node access modules might allow this Chris@0: // permission, we expressly remove it by returning an empty $grants Chris@0: // array for roles specified in our variable setting. Chris@0: Chris@0: // Get our list of banned roles. Chris@0: $restricted = \Drupal::config('example.settings')->get('restricted_roles'); Chris@0: Chris@0: if ($op != 'view' && !empty($restricted)) { Chris@0: // Now check the roles for this account against the restrictions. Chris@0: foreach ($account->getRoles() as $rid) { Chris@0: if (in_array($rid, $restricted)) { Chris@0: $grants = []; Chris@0: } Chris@0: } Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Controls access to a node. Chris@0: * Chris@0: * Modules may implement this hook if they want to have a say in whether or not Chris@0: * a given user has access to perform a given operation on a node. Chris@0: * Chris@0: * The administrative account (user ID #1) always passes any access check, so Chris@0: * this hook is not called in that case. Users with the "bypass node access" Chris@0: * permission may always view and edit content through the administrative Chris@0: * interface. Chris@0: * Chris@17: * The access to a node can be influenced in several ways: Chris@17: * - To explicitly allow access, return an AccessResultInterface object with Chris@17: * isAllowed() returning TRUE. Other modules can override this access by Chris@17: * returning TRUE for isForbidden(). Chris@17: * - To explicitly forbid access, return an AccessResultInterface object with Chris@17: * isForbidden() returning TRUE. Access will be forbidden even if your module Chris@17: * (or another module) also returns TRUE for isNeutral() or isAllowed(). Chris@17: * - To neither allow nor explicitly forbid access, return an Chris@17: * AccessResultInterface object with isNeutral() returning TRUE. Chris@17: * - If your module does not return an AccessResultInterface object, neutral Chris@17: * access will be assumed. Chris@0: * Chris@0: * Also note that this function isn't called for node listings (e.g., RSS feeds, Chris@0: * the default home page at path 'node', a recent content block, etc.) See Chris@0: * @link node_access Node access rights @endlink for a full explanation. Chris@0: * Chris@0: * @param \Drupal\node\NodeInterface|string $node Chris@0: * Either a node entity or the machine name of the content type on which to Chris@0: * perform the access check. Chris@0: * @param string $op Chris@0: * The operation to be performed. Possible values: Chris@0: * - "create" Chris@0: * - "delete" Chris@0: * - "update" Chris@0: * - "view" Chris@0: * @param \Drupal\Core\Session\AccountInterface $account Chris@0: * The user object to perform the access check operation on. Chris@0: * Chris@0: * @return \Drupal\Core\Access\AccessResultInterface Chris@0: * The access result. Chris@0: * Chris@0: * @ingroup node_access Chris@0: */ Chris@0: function hook_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account) { Chris@0: $type = $node->bundle(); Chris@0: Chris@0: switch ($op) { Chris@0: case 'create': Chris@0: return AccessResult::allowedIfHasPermission($account, 'create ' . $type . ' content'); Chris@0: Chris@0: case 'update': Chris@17: if ($account->hasPermission('edit any ' . $type . ' content')) { Chris@0: return AccessResult::allowed()->cachePerPermissions(); Chris@0: } Chris@0: else { Chris@17: return AccessResult::allowedIf($account->hasPermission('edit own ' . $type . ' content') && ($account->id() == $node->getOwnerId()))->cachePerPermissions()->cachePerUser()->addCacheableDependency($node); Chris@0: } Chris@0: Chris@0: case 'delete': Chris@17: if ($account->hasPermission('delete any ' . $type . ' content')) { Chris@0: return AccessResult::allowed()->cachePerPermissions(); Chris@0: } Chris@0: else { Chris@17: return AccessResult::allowedIf($account->hasPermission('delete own ' . $type . ' content') && ($account->id() == $node->getOwnerId()))->cachePerPermissions()->cachePerUser()->addCacheableDependency($node); Chris@0: } Chris@0: Chris@0: default: Chris@0: // No opinion. Chris@0: return AccessResult::neutral(); Chris@0: } Chris@0: } Chris@0: Chris@0: /** Chris@0: * Act on a node being displayed as a search result. Chris@0: * Chris@0: * This hook is invoked from the node search plugin during search execution, Chris@0: * after loading and rendering the node. Chris@0: * Chris@0: * @param \Drupal\node\NodeInterface $node Chris@0: * The node being displayed in a search result. Chris@0: * Chris@0: * @return array Chris@0: * Extra information to be displayed with search result. This information Chris@0: * should be presented as an associative array. It will be concatenated with Chris@0: * the post information (last updated, author) in the default search result Chris@0: * theming. Chris@0: * Chris@0: * @see template_preprocess_search_result() Chris@0: * @see search-result.html.twig Chris@0: * Chris@0: * @ingroup entity_crud Chris@0: */ Chris@0: function hook_node_search_result(\Drupal\node\NodeInterface $node) { Chris@0: $rating = db_query('SELECT SUM(points) FROM {my_rating} WHERE nid = :nid', ['nid' => $node->id()])->fetchField(); Chris@0: return ['rating' => \Drupal::translation()->formatPlural($rating, '1 point', '@count points')]; Chris@0: } Chris@0: Chris@0: /** Chris@0: * Act on a node being indexed for searching. Chris@0: * Chris@0: * This hook is invoked during search indexing, after loading, and after the Chris@0: * result of rendering is added as $node->rendered to the node object. Chris@0: * Chris@0: * @param \Drupal\node\NodeInterface $node Chris@0: * The node being indexed. Chris@0: * Chris@0: * @return string Chris@0: * Additional node information to be indexed. Chris@0: * Chris@0: * @ingroup entity_crud Chris@0: */ Chris@0: function hook_node_update_index(\Drupal\node\NodeInterface $node) { Chris@0: $text = ''; Chris@0: $ratings = db_query('SELECT title, description FROM {my_ratings} WHERE nid = :nid', [':nid' => $node->id()]); Chris@0: foreach ($ratings as $rating) { Chris@0: $text .= '