X-Git-Url: https://yaffs.net/gitweb/?a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fpermissions_by_term%2Fpermissions_by_term.module;h=f8b869c45e6f1312f161adea93e5f4af92f78ffc;hb=refs%2Fheads%2Fd864;hp=5886d9859907ce04adc3c9174b02781d6f174349;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website
diff --git a/web/modules/contrib/permissions_by_term/permissions_by_term.module b/web/modules/contrib/permissions_by_term/permissions_by_term.module
index 5886d9859..f8b869c45 100644
--- a/web/modules/contrib/permissions_by_term/permissions_by_term.module
+++ b/web/modules/contrib/permissions_by_term/permissions_by_term.module
@@ -5,15 +5,14 @@
* Allows access to terms in a vocabulary to be limited by user or role.
*/
-use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Cache\Cache;
+use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormState;
-use Drupal\permissions_by_term\Controller\PermissionsByTermController;
use Drupal\Core\Form\FormStateInterface;
-use Drupal\node\NodeInterface;
+use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Session\AccountInterface;
+use Drupal\node\NodeInterface;
use Drupal\taxonomy\Entity\Term;
-use Drupal\Core\Routing\RouteMatchInterface;
-use Drupal\Core\Cache\Cache;
/**
* Implements hook_help().
@@ -27,7 +26,7 @@ function permissions_by_term_help($route_name, RouteMatchInterface $arg) {
ability to restrict setting individual terms on nodes by user
or role. If a user is unable to set any terms for a required
vocabulary, they are blocked from adding or editing content with
- that vocabulary. For more information, see the online documentation for Permissions by Term.', [':PbT-documentation' => 'https://www.drupal.org/project/permissions_by_term']) . '
';
+ that vocabulary. For more information, see the online documentation for Permissions by Term.', [':PbT-documentation' => 'https://www.drupal.org/docs/8/modules/permissions-by-term']) . '';
$output .= '' . t('Uses') . '
';
$output .= '';
$output .= '- ' . t('General') . '
';
@@ -55,12 +54,14 @@ function permissions_by_term_validate($form, FormState $oFormState) {
$not_allowed_term_names = [];
if (!empty($terms)) {
foreach ($terms as $term) {
- $term_id = $term['target_id'];
- /* @var \Drupal\permissions_by_term\AccessCheck $access_check_service */
- $access_check_service = \Drupal::service('permissions_by_term.access_check');
- if (!$access_check_service->isAccessAllowedByDatabase($term_id)) {
- $term = Term::load($term_id);
- $not_allowed_term_names[] = $term->getName();
+ if (!empty($term['target_id'])) {
+ $term_id = $term['target_id'];
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
+ $access_check_service = \Drupal::service('permissions_by_term.access_check');
+ if (!$access_check_service->isAccessAllowedByDatabase($term_id)) {
+ $term = Term::load($term_id);
+ $not_allowed_term_names[] = $term->getName();
+ }
}
}
}
@@ -73,8 +74,8 @@ function permissions_by_term_validate($form, FormState $oFormState) {
else {
$term_names = $not_allowed_term_names['0'];
}
- $oFormState->setErrorByName('field_tags', t('You are not allowed to use specific taxonomy terms like the following: "term-names". Remove the restricted taxonomy terms from the form field and try again.',
- ['term-names' => $term_names]));
+ $oFormState->setErrorByName('field_tags', t('You are not allowed to use taxonomy terms like: "@termNames". Remove the restricted taxonomy terms from the form field and try again.',
+ ['@termNames' => $term_names]));
}
}
@@ -83,42 +84,59 @@ function permissions_by_term_validate($form, FormState $oFormState) {
*/
function permissions_by_term_submit($form, FormState $formState) {
$termId = $formState->getFormObject()->getEntity()->id();
- /* @var \Drupal\permissions_by_term\AccessStorage $access_storage */
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
$access_storage = \Drupal::service('permissions_by_term.access_storage');
- $access_storage->saveTermPermissions($formState, $termId);
- /**
- * @var \Drupal\permissions_by_term\NodeAccess $nodeAccess
- */
- $nodeAccess = \Drupal::service('permissions_by_term.node_access');
- $nodeAccess->rebuildByTid($termId, $formState);
- Cache::invalidateTags(['search_index:node_search']);
+ $access_update = $access_storage->saveTermPermissions($formState, $termId);
+
+ // Check if we need to rebuild cache and node_access
+ $rebuild_cache_and_node_access = false;
+
+ // Has anything has changed?
+ foreach($access_update as $values) {
+ if(!empty($values)) {
+ $rebuild_cache_and_node_access = true;
+ break;
+ }
+ }
+
+ // Do we need to flush the cache and the node access records?
+ if($rebuild_cache_and_node_access === true) {
+ node_access_rebuild(TRUE);
+ Cache::invalidateTags(['search_index:node_search']);
+ }
}
/**
* Implements hook_form_alter().
*/
-function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInterface $oFormState, $form_id) {
+function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInterface $formState, $form_id) {
if (\Drupal::currentUser()->hasPermission('show term permission form on term page')) {
- $iTermId = $oFormState->getFormObject()->getEntity()->id();
+ $termId = $formState->getFormObject()->getEntity()->id();
- /* @var \Drupal\permissions_by_term\AccessStorage $access_storage */
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
$access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $description = << 'fieldset',
- '#title' => t('Permissions'),
- '#description' => t('To limit access to this term by user or roles,
- add users or roles to the following lists. Leave empty to allow
- node access by single node view, node listing in views and taxonomy
- term selection by all users.'),
- '#collapsible' => TRUE,
- '#collapsed' => TRUE,
- '#attributes' => ['id' => 'fieldset_term_access'],
- '#weight' => -5,
- '#tree' => TRUE,
+ '#type' => 'details',
+ '#title' => t('Permissions'),
+ '#description' => t($description),
+ '#attributes' => ['id' => 'fieldset_term_access'],
+ '#weight' => -5,
+ '#tree' => TRUE,
];
- $aAllowedUsers = $access_storage->getAllowedUserIds($iTermId);
+ $langcode = \Drupal::languageManager()->getCurrentLanguage()->getId();
+ if (!empty($formState->getValue('langcode'))) {
+ $langcode = $formState->getValue('langcode')['0']['value'];
+ }
+
+ $aAllowedUsers = $access_storage->getAllowedUserIds($termId, $langcode);
if (!empty($aAllowedUsers)) {
$aAllowedUsers = user_load_multiple($aAllowedUsers);
$sUserFormValue = $access_storage->getUserFormValue($aAllowedUsers);
@@ -127,23 +145,26 @@ function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInte
$sUserFormValue = NULL;
}
+ $description = << 'entity_autocomplete',
- '#target_type' => 'user',
- '#title' => t('Allowed users'),
- '#description' => t('Enter a comma-seperated list of user names to give') . ' ' .
- t('them permission to use this term and access related nodes in single node view
- and views listings.'),
- '#value' => $sUserFormValue,
- '#size' => 60,
+ '#type' => 'entity_autocomplete',
+ '#target_type' => 'user',
+ '#title' => t('Allowed users'),
+ '#description' => t($description),
+ '#value' => $sUserFormValue,
+ '#size' => 60,
'#autocomplete_route_name' => 'permissions_by_term.autocomplete_multiple',
- '#weight' => -10,
+ '#weight' => -10,
];
- $aAllowedRoles = $access_storage->getExistingRoleTermPermissionsByTid($iTermId);
+ $aAllowedRoles = $access_storage->getRoleTermPermissionsByTid($termId, $langcode);
// Firstly fetch all translated allowed role names.
$aTranslatedAllowedRoleNames = [];
@@ -167,17 +188,19 @@ function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInte
}
}
+ $description = << 'checkboxes',
- '#title' => t('Allowed roles'),
- '#description' => t('Select a role to allow all members of this role to
- use this term and access related nodes in single node view and views
- listings.'),
+ '#type' => 'checkboxes',
+ '#title' => t('Allowed roles'),
+ '#description' => t($description),
'#default_value' => $aSetRoles,
- '#options' => $aTranslatedUserRoles,
- '#multiple' => FALSE,
- '#weight' => 5,
+ '#options' => $aTranslatedUserRoles,
+ '#multiple' => FALSE,
+ '#weight' => 5,
];
$form['#validate'][] = 'permissions_by_term_validate';
@@ -188,8 +211,48 @@ function permissions_by_term_form_taxonomy_term_form_alter(&$form, FormStateInte
/**
* Implements hook_form_alter().
*/
-function permissions_by_term_form_alter(&$form, FormStateInterface $oFormState, $form_id) {
+function permissions_by_term_form_alter(&$form, FormStateInterface $formState, $form_id) {
$form['#validate'][] = 'permissions_by_term_validate';
+ if (isNodeEditForm()) {
+ $form['permissions_by_term_info'] = [
+ '#type' => 'details',
+ '#group' => 'advanced',
+ '#title' => t('Permissions by Term'),
+ '#access' => \Drupal::currentUser()->hasPermission('show term permissions on node edit page'),
+ ];
+
+ $langcode = \Drupal::languageManager()->getCurrentLanguage()->getId();
+ if (!empty($formState->getUserInput()['langcode']['0']['value'])) {
+ $langcode = $formState->getUserInput()['langcode']['0']['value'];
+ }
+
+ $nid = null;
+ if (!empty($node = \Drupal::routeMatch()->getParameter('node'))) {
+ $nid = $node->id();
+ }
+
+ $viewFilePath = drupal_get_path('module', 'permissions_by_term') . '/src/View/node-details.html.twig';
+ /**
+ * @var \Drupal\permissions_by_term\Service\NodeEntityBundleInfo $nodeEntityBundleInfo
+ */
+ $nodeEntityBundleInfo = \Drupal::service('permissions_by_term.node_entity_bundle_info');
+
+ $form['permissions_by_term_info']['revision'] = array(
+ '#type' => 'item',
+ '#markup' => $nodeEntityBundleInfo->renderNodeDetails($viewFilePath, $langcode, $nid),
+ );
+
+ $form['#attached']['library'][] = 'permissions_by_term/nodeForm';
+ }
+}
+
+function isNodeEditForm() {
+ $currentPath = \Drupal::service('path.current')->getPath();
+ if (is_numeric(strpos($currentPath, '/node/'))
+ && (is_numeric(strpos($currentPath, '/edit')) || is_numeric(strpos($currentPath, '/add')))) {
+ return TRUE;
+ }
+ return FALSE;
}
/**
@@ -203,17 +266,10 @@ function permissions_by_term_form_alter(&$form, FormStateInterface $oFormState,
* through the administrative interface.
*/
function permissions_by_term_node_access(NodeInterface $node, $op, AccountInterface $account) {
- if (method_exists($node, 'id') && $op == 'view') {
- if (!$node->isPublished() && !$account->hasPermission('Bypass content access control', $account)) {
- return AccessResult::forbidden();
- }
-
- /* @var \Drupal\permissions_by_term\AccessCheck $access_check_service */
- $access_check_service = \Drupal::service('permissions_by_term.access_check');
- $oPermissionsByTermController = new PermissionsByTermController($access_check_service);
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
+ $accessCheck = \Drupal::service('permissions_by_term.access_check');
- return $oPermissionsByTermController->handleNode($node->id());
- }
+ return $accessCheck->handleNode($node->id(), $node->language()->getId());
}
/**
@@ -223,10 +279,10 @@ function permissions_by_term_node_grants(\Drupal\Core\Session\AccountInterface $
{
if ($op == 'view') {
/**
- * @var \Drupal\permissions_by_term\AccessStorage $accessStorage
+ * @var \Drupal\permissions_by_term\Service\AccessStorage $accessStorage
*/
$accessStorage = \Drupal::service('permissions_by_term.access_storage');
- $grants = $accessStorage->getGidsByRealm('permissions_by_term__uid_' . \Drupal::currentUser()->id());
+ $grants = $accessStorage->getGids(\Drupal::currentUser());
return $grants;
}
@@ -238,27 +294,46 @@ function permissions_by_term_node_grants(\Drupal\Core\Session\AccountInterface $
* Permissions can be rebuild at /admin/reports/status/rebuild.
*/
function permissions_by_term_node_access_records(\Drupal\node\NodeInterface $node) {
+ // Do not return any grants for nodes that this module doesn't manage.
+ if (!$node->isPublished()) {
+ return;
+ }
+ $has_term_access_restrictions = FALSE;
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
+ $access_storage = \Drupal::service('permissions_by_term.access_storage');
+ foreach ($access_storage->getTidsByNid($node->id()) as $tid) {
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
+ $access_check_service = \Drupal::service('permissions_by_term.access_check');
+ if($node->language()->getId() == 'und'){
+ // Current system default language
+ $language = \Drupal::languageManager()->getCurrentLanguage()->getId();
+ }
+ else {
+ $language = $node->language()->getId();
+ }
+ if ($access_check_service->isAnyPermissionSetForTerm($tid, $language)) {
+ $has_term_access_restrictions = TRUE;
+ break;
+ }
+ }
+ if (!$has_term_access_restrictions) {
+ return;
+ }
+
/**
- * @var \Drupal\permissions_by_term\NodeAccess $nodeAccess
+ * @var \Drupal\permissions_by_term\Service\NodeAccess $nodeAccess
*/
$nodeAccess = \Drupal::service('permissions_by_term.node_access');
- $grantsForThisNode = $nodeAccess->createGrants($node->id());
-
- $grants = [];
- if (!empty($grantsForThisNode)) {
- foreach ($grantsForThisNode as $grantObject) {
- $grants[] = [
- 'realm' => $grantObject->realm,
- 'gid' => $grantObject->gid,
- 'grant_view' => $grantObject->grant_view,
- 'grant_update' => $grantObject->grant_update,
- 'grant_delete' => $grantObject->grant_delete,
- 'langcode' => $grantObject->langcode,
- 'fallback' => 1,
- 'nid' => $node->id(),
- ];
- }
- }
+ $grantObject = $nodeAccess->createGrant($node->id(), $node->id());
+
+ $grants[] = [
+ 'realm' => $grantObject->realm,
+ 'gid' => $grantObject->gid,
+ 'grant_view' => $grantObject->grant_view,
+ 'grant_update' => $grantObject->grant_update,
+ 'grant_delete' => $grantObject->grant_delete,
+ 'nid' => $node->id(),
+ ];
return $grants;
}
@@ -267,11 +342,6 @@ function permissions_by_term_node_access_records(\Drupal\node\NodeInterface $nod
* Implements hook_user_insert().
*/
function permissions_by_term_user_insert($user) {
- /**
- * @var \Drupal\permissions_by_term\NodeAccess $nodeAccess
- */
- $nodeAccess = \Drupal::service('permissions_by_term.node_access');
- $nodeAccess->rebuildByUid($user->id(), TRUE);
Cache::invalidateTags(['search_index:node_search']);
}
@@ -279,22 +349,68 @@ function permissions_by_term_user_insert($user) {
* Implements hook_user_update().
*/
function permissions_by_term_user_update($user) {
- /**
- * @var \Drupal\permissions_by_term\NodeAccess $nodeAccess
- */
- $nodeAccess = \Drupal::service('permissions_by_term.node_access');
- $nodeAccess->rebuildByUid($user->id());
- Cache::invalidateTags(['search_index:node_search']);
+ if (\Drupal::currentUser()->hasPermission('administer permissions')) {
+ Cache::invalidateTags(['search_index:node_search']);
+ }
}
/**
* Implements hook_node_insert().
*/
function permissions_by_term_node_insert($node) {
- /**
- * @var \Drupal\permissions_by_term\NodeAccess $nodeAccess
- */
- $nodeAccess = \Drupal::service('permissions_by_term.node_access');
- $nodeAccess->rebuildByNid($node->id());
Cache::invalidateTags(['search_index:node_search']);
}
+
+/**
+ * Implements hook_options_list_alter().
+ */
+function permissions_by_term_options_list_alter(array &$options, array $context) {
+ $fieldDefinitionSettings = $context['fieldDefinition']->getFieldStorageDefinition()->getSettings();
+ if (!empty($fieldDefinitionSettings['target_type']) && $fieldDefinitionSettings['target_type'] == 'taxonomy_term') {
+ foreach ($options as $id => $names) {
+ if ($id !== '_none') {
+ /**
+ * @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck
+ */
+ $accessCheck = \Drupal::service('permissions_by_term.access_check');
+
+ if (is_array($names)) {
+ foreach ($names as $group_id => $name) {
+ if (!$accessCheck->isAccessAllowedByDatabase($group_id)) {
+ unset($options[$id]);
+ }
+ }
+ } elseif(is_string($names)) {
+ if (!$accessCheck->isAccessAllowedByDatabase($id)) {
+ unset($options[$id]);
+ }
+ }
+ }
+
+ }
+ }
+}
+
+/**
+ * Implements hook_user_cancel().
+ *
+ * Deletes all term permissions for a user when their account is cancelled.
+ */
+function permissions_by_term_user_cancel($edit, $account, $method) {
+ $deleted_user_id = $account->id();
+
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
+ $access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $access_storage->deleteAllTermPermissionsByUserId($deleted_user_id);
+}
+
+/**
+ * Implements hook_ENTITY_TYPE_delete().
+ *
+ * Deletes all term permissions from storage when a term is deleted.
+ */
+function permissions_by_term_taxonomy_term_delete(EntityInterface $entity) {
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
+ $access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $access_storage->deleteAllTermPermissionsByTid($entity->id());
+}