3 namespace Drupal\permissions_by_term;
5 use Drupal\Core\Entity\EntityManagerInterface;
6 use Drupal\user\Entity\User;
9 * AccessCheckService class.
11 class AccessCheck implements AccessCheckInterface{
14 * AccessCheckService constructor.
16 public function __construct(EntityManagerInterface $entity_manager) {
17 $this->entityManager = $entity_manager;
23 public function canUserAccessByNodeId($iNid, $uid = FALSE) {
24 $node = $this->entityManager->getStorage('node')->load($iNid);
26 $access_allowed = TRUE;
28 foreach ($node->getFields() as $field) {
29 if ($field->getFieldDefinition()->getType() == 'entity_reference' && $field->getFieldDefinition()->getSetting('target_type') == 'taxonomy_term') {
30 $aReferencedTaxonomyTerms = $field->getValue();
31 if (!empty($aReferencedTaxonomyTerms)) {
32 foreach ($aReferencedTaxonomyTerms as $aReferencedTerm) {
33 if (isset($aReferencedTerm['target_id']) && !$this->isAccessAllowedByDatabase($aReferencedTerm['target_id'], $uid)) {
34 $access_allowed = FALSE;
41 return $access_allowed;
47 public function viewContainsNode($view) {
48 $bViewContainsNodes = FALSE;
50 foreach ($view->result as $view_result) {
51 if (array_key_exists('nid', $view_result) === TRUE) {
52 $bViewContainsNodes = TRUE;
56 return $bViewContainsNodes;
62 public function removeForbiddenNodesFromView(&$view) {
63 $aNodesToHideInView = [];
65 // Iterate over all nodes in view.
66 foreach ($view->result as $v) {
68 if ($this->canUserAccessByNodeId($v->nid) === FALSE) {
69 $aNodesToHideInView[] = $v->nid;
76 foreach ($view->result as $v) {
77 if (in_array($v->nid, $aNodesToHideInView)) {
78 unset($view->result[$counter]);
87 public function isAccessAllowedByDatabase($tid, $uid = FALSE) {
90 $user = \Drupal::currentUser();
91 } elseif (is_numeric($uid)) {
92 $user = User::load($uid);
95 // Admin can access everything (user id "1").
96 if ($user->id() == 1) {
102 if (!$this->isAnyPermissionSetForTerm($tid)) {
106 /* At this point permissions are enabled, check to see if this user or one
107 * of their roles is allowed.
109 $aUserRoles = $user->getRoles();
111 foreach ($aUserRoles as $sUserRole) {
113 if ($this->isTermAllowedByUserRole($tid, $sUserRole)) {
119 $iUid = intval($user->id());
121 if ($this->isTermAllowedByUserId($tid, $iUid)) {
132 public function isTermAllowedByUserId($tid, $iUid) {
134 $query_result = db_query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid",
135 [':tid' => $tid, ':uid' => $iUid])->fetchField();
137 if (!empty($query_result)) {
149 public function isTermAllowedByUserRole($tid, $sUserRole) {
150 $query_result = db_query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles)",
151 [':tid' => $tid, ':user_roles' => $sUserRole])->fetchField();
153 if (!empty($query_result)) {
165 public function isAnyPermissionSetForTerm($tid) {
167 $iUserTableResults = intval(db_query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid",
168 [':tid' => $tid])->fetchField());
170 $iRoleTableResults = intval(db_query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid",
171 [':tid' => $tid])->fetchField());
173 if ($iUserTableResults > 0 ||
174 $iRoleTableResults > 0) {