* Allows access to terms in a vocabulary to be limited by user or role.
*/
-use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Cache\Cache;
+use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormState;
-use Drupal\permissions_by_term\Controller\PermissionsByTermController;
use Drupal\Core\Form\FormStateInterface;
-use Drupal\node\NodeInterface;
+use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Session\AccountInterface;
-use Drupal\permissions_by_term\Event\PermissionsByTermDeniedEvent;
+use Drupal\node\NodeInterface;
use Drupal\taxonomy\Entity\Term;
-use Drupal\Core\Routing\RouteMatchInterface;
-use Drupal\Core\Cache\Cache;
/**
* Implements hook_help().
$not_allowed_term_names = [];
if (!empty($terms)) {
foreach ($terms as $term) {
- $term_id = $term['target_id'];
- /* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
- $access_check_service = \Drupal::service('permissions_by_term.access_check');
- if (!$access_check_service->isAccessAllowedByDatabase($term_id)) {
- $term = Term::load($term_id);
- $not_allowed_term_names[] = $term->getName();
+ if (!empty($term['target_id'])) {
+ $term_id = $term['target_id'];
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
+ $access_check_service = \Drupal::service('permissions_by_term.access_check');
+ if (!$access_check_service->isAccessAllowedByDatabase($term_id)) {
+ $term = Term::load($term_id);
+ $not_allowed_term_names[] = $term->getName();
+ }
}
}
}
$access_storage = \Drupal::service('permissions_by_term.access_storage');
$access_update = $access_storage->saveTermPermissions($formState, $termId);
- // Check if we need to rebuild node_access by term id
- $invalidate_cache_tag = false;
+ // Check if we need to rebuild cache and node_access
+ $rebuild_cache_and_node_access = false;
// Has anything has changed?
foreach($access_update as $values) {
if(!empty($values)) {
- $invalidate_cache_tag = true;
+ $rebuild_cache_and_node_access = true;
break;
}
}
- // Do we need to flush the cache?
- if($invalidate_cache_tag === true) {
+ // Do we need to flush the cache and the node access records?
+ if($rebuild_cache_and_node_access === true) {
+ node_access_rebuild(TRUE);
Cache::invalidateTags(['search_index:node_search']);
}
}
/**
* Implements hook_form_alter().
*/
-function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInterface $oFormState, $form_id) {
+function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInterface $formState, $form_id) {
if (\Drupal::currentUser()->hasPermission('show term permission form on term page')) {
- $iTermId = $oFormState->getFormObject()->getEntity()->id();
+ $termId = $formState->getFormObject()->getEntity()->id();
/* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
$access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $description = <<<EOT
+To limit access to this term by user(s) or role(s), select users or roles above.
+If left empty, all users will have access to content, related to this taxonomy term
+and this taxonomy term itself.
+EOT;
+
$form['access'] = [
- '#type' => 'fieldset',
- '#title' => t('Permissions'),
- '#description' => t('To limit access to this term by user or roles,
- add users or roles to the following lists. Leave empty to allow
- node access by single node view, node listing in views and taxonomy
- term selection by all users.'),
- '#collapsible' => TRUE,
- '#collapsed' => TRUE,
- '#attributes' => ['id' => 'fieldset_term_access'],
- '#weight' => -5,
- '#tree' => TRUE,
+ '#type' => 'details',
+ '#title' => t('Permissions'),
+ '#description' => t($description),
+ '#attributes' => ['id' => 'fieldset_term_access'],
+ '#weight' => -5,
+ '#tree' => TRUE,
];
- $aAllowedUsers = $access_storage->getAllowedUserIds($iTermId);
+ $langcode = \Drupal::languageManager()->getCurrentLanguage()->getId();
+ if (!empty($formState->getValue('langcode'))) {
+ $langcode = $formState->getValue('langcode')['0']['value'];
+ }
+
+ $aAllowedUsers = $access_storage->getAllowedUserIds($termId, $langcode);
if (!empty($aAllowedUsers)) {
$aAllowedUsers = user_load_multiple($aAllowedUsers);
$sUserFormValue = $access_storage->getUserFormValue($aAllowedUsers);
$sUserFormValue = NULL;
}
+ $description = <<<EOT
+Enter a comma-separated list of user names who will be able to access content,
+related to this taxonomy term.
+EOT;
+
// Note that the autocomplete widget will only enable for users with the
// 'access profiles' permission. Other users will have to specify the name
// manually.
$form['access']['user'] = [
- '#type' => 'entity_autocomplete',
- '#target_type' => 'user',
- '#title' => t('Allowed users'),
- '#description' => t('Enter a comma-seperated list of user names to give') . ' ' .
- t('them permission to use this term and access related nodes in single node view
- and views listings.'),
- '#value' => $sUserFormValue,
- '#size' => 60,
+ '#type' => 'entity_autocomplete',
+ '#target_type' => 'user',
+ '#title' => t('Allowed users'),
+ '#description' => t($description),
+ '#value' => $sUserFormValue,
+ '#size' => 60,
'#autocomplete_route_name' => 'permissions_by_term.autocomplete_multiple',
- '#weight' => -10,
+ '#weight' => -10,
];
- $aAllowedRoles = $access_storage->getRoleTermPermissionsByTid($iTermId);
+ $aAllowedRoles = $access_storage->getRoleTermPermissionsByTid($termId, $langcode);
// Firstly fetch all translated allowed role names.
$aTranslatedAllowedRoleNames = [];
}
}
+ $description = <<<EOT
+Select user roles who will be able to access content, related to this taxonomy term.
+EOT;
+
// Now, lets do the Roles table.
$form['access']['role'] = [
- '#type' => 'checkboxes',
- '#title' => t('Allowed roles'),
- '#description' => t('Select a role to allow all members of this role to
- use this term and access related nodes in single node view and views
- listings.'),
+ '#type' => 'checkboxes',
+ '#title' => t('Allowed roles'),
+ '#description' => t($description),
'#default_value' => $aSetRoles,
- '#options' => $aTranslatedUserRoles,
- '#multiple' => FALSE,
- '#weight' => 5,
+ '#options' => $aTranslatedUserRoles,
+ '#multiple' => FALSE,
+ '#weight' => 5,
];
$form['#validate'][] = 'permissions_by_term_validate';
/**
* Implements hook_form_alter().
*/
-function permissions_by_term_form_alter(&$form, FormStateInterface $oFormState, $form_id) {
+function permissions_by_term_form_alter(&$form, FormStateInterface $formState, $form_id) {
$form['#validate'][] = 'permissions_by_term_validate';
if (isNodeEditForm()) {
$form['permissions_by_term_info'] = [
'#access' => \Drupal::currentUser()->hasPermission('show term permissions on node edit page'),
];
+ $langcode = \Drupal::languageManager()->getCurrentLanguage()->getId();
+ if (!empty($formState->getUserInput()['langcode']['0']['value'])) {
+ $langcode = $formState->getUserInput()['langcode']['0']['value'];
+ }
+
$nid = null;
if (!empty($node = \Drupal::routeMatch()->getParameter('node'))) {
$nid = $node->id();
$form['permissions_by_term_info']['revision'] = array(
'#type' => 'item',
- '#markup' => $nodeEntityBundleInfo->renderNodeDetails($viewFilePath, $nid),
+ '#markup' => $nodeEntityBundleInfo->renderNodeDetails($viewFilePath, $langcode, $nid),
);
$form['#attached']['library'][] = 'permissions_by_term/nodeForm';
* through the administrative interface.
*/
function permissions_by_term_node_access(NodeInterface $node, $op, AccountInterface $account) {
- if (method_exists($node, 'id') && ($op == 'view' OR $op == 'update' OR $op == 'delete')) {
- if (!$node->isPublished() && !$account->hasPermission('Bypass content access control', $account)) {
- $eventDispatcher = \Drupal::service('event_dispatcher');
- $accessDeniedEvent = new PermissionsByTermDeniedEvent($node->id());
- $eventDispatcher->dispatch(PermissionsByTermDeniedEvent::NAME, $accessDeniedEvent);
-
- return AccessResult::forbidden();
- }
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
+ $accessCheck = \Drupal::service('permissions_by_term.access_check');
- /* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
- $accessCheck = \Drupal::service('permissions_by_term.access_check');
-
- return $accessCheck->handleNode($node->id());
- }
+ return $accessCheck->handleNode($node->id(), $node->language()->getId());
}
/**
foreach ($access_storage->getTidsByNid($node->id()) as $tid) {
/* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
$access_check_service = \Drupal::service('permissions_by_term.access_check');
- if ($access_check_service->isAnyPermissionSetForTerm($tid)) {
+ if($node->language()->getId() == 'und'){
+ // Current system default language
+ $language = \Drupal::languageManager()->getCurrentLanguage()->getId();
+ }
+ else {
+ $language = $node->language()->getId();
+ }
+ if ($access_check_service->isAnyPermissionSetForTerm($tid, $language)) {
$has_term_access_restrictions = TRUE;
break;
}
$grantObject = $nodeAccess->createGrant($node->id(), $node->id());
$grants[] = [
- 'realm' => $grantObject->realm,
- 'gid' => $grantObject->gid,
- 'grant_view' => $grantObject->grant_view,
+ 'realm' => $grantObject->realm,
+ 'gid' => $grantObject->gid,
+ 'grant_view' => $grantObject->grant_view,
'grant_update' => $grantObject->grant_update,
'grant_delete' => $grantObject->grant_delete,
- 'langcode' => $grantObject->langcode,
- 'fallback' => 1,
- 'nid' => $node->id(),
+ 'nid' => $node->id(),
];
return $grants;
if (!empty($fieldDefinitionSettings['target_type']) && $fieldDefinitionSettings['target_type'] == 'taxonomy_term') {
foreach ($options as $id => $names) {
if ($id !== '_none') {
- /**
- * @var \Drupal\permissions_by_term\Service\Term $term
- */
- $term = \Drupal::service('permissions_by_term.term');
-
/**
* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck
*/
$accessCheck = \Drupal::service('permissions_by_term.access_check');
if (is_array($names)) {
- foreach ($names as $name) {
- if (!$accessCheck->isAccessAllowedByDatabase($term->getTermIdByName($name))) {
+ foreach ($names as $group_id => $name) {
+ if (!$accessCheck->isAccessAllowedByDatabase($group_id)) {
unset($options[$id]);
}
}
} elseif(is_string($names)) {
- if (!$accessCheck->isAccessAllowedByDatabase($term->getTermIdByName($names))) {
+ if (!$accessCheck->isAccessAllowedByDatabase($id)) {
unset($options[$id]);
}
}
$access_storage = \Drupal::service('permissions_by_term.access_storage');
$access_storage->deleteAllTermPermissionsByUserId($deleted_user_id);
}
+
+/**
+ * Implements hook_ENTITY_TYPE_delete().
+ *
+ * Deletes all term permissions from storage when a term is deleted.
+ */
+function permissions_by_term_taxonomy_term_delete(EntityInterface $entity) {
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
+ $access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $access_storage->deleteAllTermPermissionsByTid($entity->id());
+}