+++ /dev/null
-<?php
-
-namespace Drupal\permissions_by_term;
-
-use Drupal\Core\Entity\EntityManagerInterface;
-use Drupal\user\Entity\User;
-
-/**
- * AccessCheckService class.
- */
-class AccessCheck implements AccessCheckInterface{
-
- /**
- * AccessCheckService constructor.
- */
- public function __construct(EntityManagerInterface $entity_manager) {
- $this->entityManager = $entity_manager;
- }
-
- /**
- * {@inheritdoc}
- */
- public function canUserAccessByNodeId($iNid, $uid = FALSE) {
- $node = $this->entityManager->getStorage('node')->load($iNid);
-
- $access_allowed = TRUE;
-
- foreach ($node->getFields() as $field) {
- if ($field->getFieldDefinition()->getType() == 'entity_reference' && $field->getFieldDefinition()->getSetting('target_type') == 'taxonomy_term') {
- $aReferencedTaxonomyTerms = $field->getValue();
- if (!empty($aReferencedTaxonomyTerms)) {
- foreach ($aReferencedTaxonomyTerms as $aReferencedTerm) {
- if (isset($aReferencedTerm['target_id']) && !$this->isAccessAllowedByDatabase($aReferencedTerm['target_id'], $uid)) {
- $access_allowed = FALSE;
- }
- }
- }
- }
- }
-
- return $access_allowed;
- }
-
- /**
- * {@inheritdoc}
- */
- public function viewContainsNode($view) {
- $bViewContainsNodes = FALSE;
-
- foreach ($view->result as $view_result) {
- if (array_key_exists('nid', $view_result) === TRUE) {
- $bViewContainsNodes = TRUE;
- break;
- }
- }
- return $bViewContainsNodes;
- }
-
- /**
- * {@inheritdoc}
- */
- public function removeForbiddenNodesFromView(&$view) {
- $aNodesToHideInView = [];
-
- // Iterate over all nodes in view.
- foreach ($view->result as $v) {
-
- if ($this->canUserAccessByNodeId($v->nid) === FALSE) {
- $aNodesToHideInView[] = $v->nid;
- }
-
- }
-
- $counter = 0;
-
- foreach ($view->result as $v) {
- if (in_array($v->nid, $aNodesToHideInView)) {
- unset($view->result[$counter]);
- }
- $counter++;
- }
- }
-
- /**
- * {@inheritdoc}
- */
- public function isAccessAllowedByDatabase($tid, $uid = FALSE) {
-
- if ($uid === FALSE) {
- $user = \Drupal::currentUser();
- } elseif (is_numeric($uid)) {
- $user = User::load($uid);
- }
-
- // Admin can access everything (user id "1").
- if ($user->id() == 1) {
- return TRUE;
- }
-
- $tid = intval($tid);
-
- if (!$this->isAnyPermissionSetForTerm($tid)) {
- return TRUE;
- }
-
- /* At this point permissions are enabled, check to see if this user or one
- * of their roles is allowed.
- */
- $aUserRoles = $user->getRoles();
-
- foreach ($aUserRoles as $sUserRole) {
-
- if ($this->isTermAllowedByUserRole($tid, $sUserRole)) {
- return TRUE;
- }
-
- }
-
- $iUid = intval($user->id());
-
- if ($this->isTermAllowedByUserId($tid, $iUid)) {
- return TRUE;
- }
-
- return FALSE;
-
- }
-
- /**
- * {@inheritdoc}
- */
- public function isTermAllowedByUserId($tid, $iUid) {
-
- $query_result = db_query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid",
- [':tid' => $tid, ':uid' => $iUid])->fetchField();
-
- if (!empty($query_result)) {
- return TRUE;
- }
- else {
- return FALSE;
- }
-
- }
-
- /**
- * {@inheritdoc}
- */
- public function isTermAllowedByUserRole($tid, $sUserRole) {
- $query_result = db_query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles)",
- [':tid' => $tid, ':user_roles' => $sUserRole])->fetchField();
-
- if (!empty($query_result)) {
- return TRUE;
- }
- else {
- return FALSE;
- }
-
- }
-
- /**
- * {@inheritdoc}
- */
- public function isAnyPermissionSetForTerm($tid) {
-
- $iUserTableResults = intval(db_query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid",
- [':tid' => $tid])->fetchField());
-
- $iRoleTableResults = intval(db_query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid",
- [':tid' => $tid])->fetchField());
-
- if ($iUserTableResults > 0 ||
- $iRoleTableResults > 0) {
- return TRUE;
- }
-
- }
-
-}