* Allows access to terms in a vocabulary to be limited by user or role.
*/
-use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Cache\Cache;
+use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormState;
-use Drupal\permissions_by_term\Controller\PermissionsByTermController;
use Drupal\Core\Form\FormStateInterface;
-use Drupal\node\NodeInterface;
+use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Session\AccountInterface;
-use Drupal\permissions_by_term\Event\PermissionsByTermDeniedEvent;
+use Drupal\node\NodeInterface;
use Drupal\taxonomy\Entity\Term;
-use Drupal\Core\Routing\RouteMatchInterface;
-use Drupal\Core\Cache\Cache;
/**
* Implements hook_help().
$not_allowed_term_names = [];
if (!empty($terms)) {
foreach ($terms as $term) {
- $term_id = $term['target_id'];
- /* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
- $access_check_service = \Drupal::service('permissions_by_term.access_check');
- if (!$access_check_service->isAccessAllowedByDatabase($term_id)) {
- $term = Term::load($term_id);
- $not_allowed_term_names[] = $term->getName();
+ if (!empty($term['target_id'])) {
+ $term_id = $term['target_id'];
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
+ $access_check_service = \Drupal::service('permissions_by_term.access_check');
+ if (!$access_check_service->isAccessAllowedByDatabase($term_id)) {
+ $term = Term::load($term_id);
+ $not_allowed_term_names[] = $term->getName();
+ }
}
}
}
/* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
$access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $description = <<<EOT
+To limit access to this term by user(s) or role(s), select users or roles above.
+If left empty, all users will have access to content, related to this taxonomy term
+and this taxonomy term itself.
+EOT;
+
$form['access'] = [
'#type' => 'fieldset',
'#title' => t('Permissions'),
- '#description' => t('To limit access to this term by user or roles,
- add users or roles to the following lists. Leave empty to allow
- node access by single node view, node listing in views and taxonomy
- term selection by all users.'),
+ '#description' => t($description),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#attributes' => ['id' => 'fieldset_term_access'],
$sUserFormValue = NULL;
}
+ $description = <<<EOT
+Enter a comma-separated list of user names who will be able to access content,
+related to this taxonomy term.
+EOT;
+
// Note that the autocomplete widget will only enable for users with the
// 'access profiles' permission. Other users will have to specify the name
// manually.
'#type' => 'entity_autocomplete',
'#target_type' => 'user',
'#title' => t('Allowed users'),
- '#description' => t('Enter a comma-seperated list of user names to give') . ' ' .
- t('them permission to use this term and access related nodes in single node view
- and views listings.'),
+ '#description' => t($description),
'#value' => $sUserFormValue,
'#size' => 60,
'#autocomplete_route_name' => 'permissions_by_term.autocomplete_multiple',
}
}
+ $description = <<<EOT
+Select user roles who will be able to access content, related to this taxonomy term.
+EOT;
+
// Now, lets do the Roles table.
$form['access']['role'] = [
'#type' => 'checkboxes',
'#title' => t('Allowed roles'),
- '#description' => t('Select a role to allow all members of this role to
- use this term and access related nodes in single node view and views
- listings.'),
+ '#description' => t($description),
'#default_value' => $aSetRoles,
'#options' => $aTranslatedUserRoles,
'#multiple' => FALSE,
* through the administrative interface.
*/
function permissions_by_term_node_access(NodeInterface $node, $op, AccountInterface $account) {
- if (method_exists($node, 'id') && ($op == 'view' OR $op == 'update' OR $op == 'delete')) {
- if (!$node->isPublished() && !$account->hasPermission('Bypass content access control', $account)) {
- $eventDispatcher = \Drupal::service('event_dispatcher');
- $accessDeniedEvent = new PermissionsByTermDeniedEvent($node->id());
- $eventDispatcher->dispatch(PermissionsByTermDeniedEvent::NAME, $accessDeniedEvent);
-
- return AccessResult::forbidden();
- }
+ /* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
+ $accessCheck = \Drupal::service('permissions_by_term.access_check');
- /* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
- $accessCheck = \Drupal::service('permissions_by_term.access_check');
-
- return $accessCheck->handleNode($node->id());
- }
+ return $accessCheck->handleNode($node->id(), $node->language()->getId());
}
/**
foreach ($access_storage->getTidsByNid($node->id()) as $tid) {
/* @var \Drupal\permissions_by_term\Service\AccessCheck $access_check_service */
$access_check_service = \Drupal::service('permissions_by_term.access_check');
- if ($access_check_service->isAnyPermissionSetForTerm($tid)) {
+ if ($access_check_service->isAnyPermissionSetForTerm($tid, $node->language()->getId())) {
$has_term_access_restrictions = TRUE;
break;
}
'grant_view' => $grantObject->grant_view,
'grant_update' => $grantObject->grant_update,
'grant_delete' => $grantObject->grant_delete,
- 'langcode' => $grantObject->langcode,
- 'fallback' => 1,
'nid' => $node->id(),
];
if (!empty($fieldDefinitionSettings['target_type']) && $fieldDefinitionSettings['target_type'] == 'taxonomy_term') {
foreach ($options as $id => $names) {
if ($id !== '_none') {
- /**
- * @var \Drupal\permissions_by_term\Service\Term $term
- */
- $term = \Drupal::service('permissions_by_term.term');
-
/**
* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck
*/
$accessCheck = \Drupal::service('permissions_by_term.access_check');
if (is_array($names)) {
- foreach ($names as $name) {
- if (!$accessCheck->isAccessAllowedByDatabase($term->getTermIdByName($name))) {
+ foreach ($names as $group_id => $name) {
+ if (!$accessCheck->isAccessAllowedByDatabase($group_id)) {
unset($options[$id]);
}
}
} elseif(is_string($names)) {
- if (!$accessCheck->isAccessAllowedByDatabase($term->getTermIdByName($names))) {
+ if (!$accessCheck->isAccessAllowedByDatabase($id)) {
unset($options[$id]);
}
}
$access_storage = \Drupal::service('permissions_by_term.access_storage');
$access_storage->deleteAllTermPermissionsByUserId($deleted_user_id);
}
+
+/**
+ * Implements hook_ENTITY_TYPE_delete().
+ *
+ * Deletes all term permissions from storage when a term is deleted.
+ */
+function permissions_by_term_taxonomy_term_delete(EntityInterface $entity) {
+ /* @var \Drupal\permissions_by_term\Service\AccessStorage $access_storage */
+ $access_storage = \Drupal::service('permissions_by_term.access_storage');
+ $access_storage->deleteAllTermPermissionsByTid($entity->id());
+}