3 namespace Drupal\permissions_by_term\Service;
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Database\Connection;
7 use Drupal\user\Entity\User;
8 use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
9 use Drupal\permissions_by_term\Event\PermissionsByTermDeniedEvent;
12 * AccessCheckService class.
17 * The database connection.
19 * @var \Drupal\Core\Database\Connection
24 * @var ContainerAwareEventDispatcher
26 private $eventDispatcher;
/**
 * Constructs AccessCheck object.
 *
 * @param \Drupal\Core\Database\Connection $database
 *   The database connection used for the term permission queries.
 * @param \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher $eventDispatcher
 *   Dispatcher that handleNode() uses to announce a denied node.
 */
public function __construct(Connection $database, ContainerAwareEventDispatcher $eventDispatcher) {
  // Both collaborators are injected; nothing is queried at construction time.
  $this->eventDispatcher = $eventDispatcher;
  $this->database = $database;
}
/**
 * Checks whether a user may access a node, based on the node's terms.
 *
 * Every term id indexed for the node in {taxonomy_index} is checked with
 * isAccessAllowedByDatabase(). The single_term_restriction setting selects
 * how the per-term results combine:
 * - setting off: the first term that allows access allows the node;
 * - setting on: the first term that denies access denies the node.
 *
 * A node without indexed terms gets the starting value: TRUE with the setting
 * off, FALSE with the setting on. With the setting on, an untagged node is
 * therefore denied.
 *
 * @param int $nid
 *   Node id; only ever used as the bound :nid query placeholder.
 * @param bool|int $uid
 *   Passed through unchanged to isAccessAllowedByDatabase().
 *
 * @return bool
 *   The starting value, or the result of the deciding per-term check.
 */
public function canUserAccessByNodeId($nid, $uid = FALSE) {
  $singleTermRestriction = \Drupal::config('permissions_by_term.settings.single_term_restriction')->get('value');

  // Starting value; it is also the answer when the loop below never runs.
  $access_allowed = $singleTermRestriction ? FALSE : TRUE;

  $sql = "SELECT tid FROM {taxonomy_index} WHERE nid = :nid";
  $terms = $this->database->query($sql, [':nid' => $nid])->fetchAll();

  foreach ($terms as $term) {
    $access_allowed = $this->isAccessAllowedByDatabase($term->tid, $uid);

    // Restrictive mode: one denied term is enough to deny the node.
    if ($singleTermRestriction && !$access_allowed) {
      return $access_allowed;
    }

    // Permissive mode: one allowed term is enough to allow the node.
    if (!$singleTermRestriction && $access_allowed) {
      return $access_allowed;
    }
  }

  // No term decided early, so the last per-term result (or the starting
  // value) stands.
  return $access_allowed;
}
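/**
 * Checks whether a user may access content tagged with a given term.
 *
 * Order of the checks: user 1 is always allowed; a term without any row in
 * the permission tables is open to everybody; otherwise one of the user's
 * roles, or the user id itself, has to be listed for the term.
 *
 * NOTE(review): the listing this method was taken from omits its short lines
 * (the first `if` condition, the bare `return` statements, closing braces).
 * They are reconstructed here from the `$uid = FALSE` default and the inline
 * comments; confirm them against the module source.
 *
 * @param int $tid
 *   Taxonomy term id.
 * @param bool|int $uid
 *   User id to check, or FALSE to check the current user.
 *
 * @return bool
 *   TRUE when access is allowed. FALSE when it is not, including when no
 *   account can be resolved for $uid.
 */
public function isAccessAllowedByDatabase($tid, $uid = FALSE) {
  $user = NULL;

  if ($uid === FALSE) {
    $user = \Drupal::currentUser();
  } elseif (is_numeric($uid)) {
    $user = User::load($uid);
  }

  // Fail closed. $uid may be neither FALSE nor numeric, or may name no
  // existing account (User::load() then gives NULL). Without this guard the
  // id() call below would be a fatal error in the middle of an access check.
  if ($user === NULL) {
    return FALSE;
  }

  $iUid = intval($user->id());

  // Admin can access everything (user id "1").
  if ($iUid === 1) {
    return TRUE;
  }

  // A term nobody has configured permissions for does not restrict access.
  if (!$this->isAnyPermissionSetForTerm($tid)) {
    return TRUE;
  }

  /* At this point permissions are enabled, check to see if this user or one
   * of their roles is allowed.
   */
  foreach ($user->getRoles() as $sUserRole) {
    if ($this->isTermAllowedByUserRole($tid, $sUserRole)) {
      return TRUE;
    }
  }

  if ($this->isTermAllowedByUserId($tid, $iUid)) {
    return TRUE;
  }

  // Permissions exist for the term and none of them covers this user.
  return FALSE;
}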
/**
 * Tells whether a user id is listed for a term in {permissions_by_term_user}.
 *
 * @param int $tid
 *   Taxonomy term id.
 * @param int $iUid
 *   User id; the caller passes it through intval() first.
 *
 * @return bool
 *   TRUE when a matching row was found.
 */
private function isTermAllowedByUserId($tid, $iUid) {
  $sql = "SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid";
  $matchedUid = $this->database->query($sql, [':tid' => $tid, ':uid' => $iUid])->fetchField();

  // empty() also treats a fetched "0" as no match, so a row stored for uid 0
  // does not count as a grant here.
  // NOTE(review): the listing omits the return lines; TRUE on a match and
  // FALSE otherwise is assumed from the method name and its caller.
  return !empty($matchedUid);
}
/**
 * Tells whether a role is listed for a term in {permissions_by_term_role}.
 *
 * @param int $tid
 *   Taxonomy term id.
 * @param string $sUserRole
 *   A single role id. It is bound as one scalar value, so the IN (...) clause
 *   matches exactly this role.
 *
 * @return bool
 *   TRUE when a matching row was found.
 */
public function isTermAllowedByUserRole($tid, $sUserRole) {
  $sql = "SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles)";
  $matchedRole = $this->database->query($sql, [':tid' => $tid, ':user_roles' => $sUserRole])->fetchField();

  // NOTE(review): the listing omits the return lines; TRUE on a match and
  // FALSE otherwise is assumed from the method name and its caller.
  return !empty($matchedRole);
}
/**
 * Tells whether any user or role permission row exists for a term.
 *
 * isAccessAllowedByDatabase() uses the answer to decide whether the term
 * restricts access at all.
 *
 * @param int $tid
 *   Taxonomy term id.
 *
 * @return bool
 *   TRUE when {permissions_by_term_user} or {permissions_by_term_role} holds
 *   at least one row for the term.
 */
public function isAnyPermissionSetForTerm($tid) {
  $args = [':tid' => $tid];

  // Both tables are always counted, as in the original; there is no
  // short-circuit after the first query.
  $userRowCount = intval($this->database->query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid", $args)->fetchField());
  $roleRowCount = intval($this->database->query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid", $args)->fetchField());

  // NOTE(review): the listing omits the return lines; TRUE inside the
  // condition and FALSE after it is assumed from the method name.
  return $userRowCount > 0 || $roleRowCount > 0;
}
/**
 * Turns the node access check into an access result.
 *
 * Only a strict TRUE from canUserAccessByNodeId() counts as allowed; any
 * other value ends in forbidden(). An allowed check yields neutral(), not
 * allowed(), so this method can take access away but never grants it.
 *
 * @param int $nodeId
 *   Node id; the check runs with the default $uid, which means the current
 *   user.
 *
 * @return AccessResult
 *   neutral() when the check passes, forbidden() otherwise.
 */
public function handleNode($nodeId) {
  $isAllowed = $this->canUserAccessByNodeId($nodeId) === TRUE;

  if (!$isAllowed) {
    // Announce the denial to event subscribers before forbidding.
    $this->eventDispatcher->dispatch(PermissionsByTermDeniedEvent::NAME, new PermissionsByTermDeniedEvent($nodeId));

    return AccessResult::forbidden();
  }

  // NOTE(review): neither result carries cacheability metadata although the
  // decision depends on the current user; confirm the caller adds it.
  return AccessResult::neutral();
}