--- /dev/null
+<?php
+
+namespace Drupal\permissions_by_term;
+
+use Drupal\Core\Entity\EntityManagerInterface;
+use Drupal\user\Entity\User;
+
+/**
+ * AccessCheckService class.
+ */
+class AccessCheck implements AccessCheckInterface{
+
+ /**
+ * AccessCheckService constructor.
+ */
+ public function __construct(EntityManagerInterface $entity_manager) {
+ $this->entityManager = $entity_manager;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function canUserAccessByNodeId($iNid, $uid = FALSE) {
+ $node = $this->entityManager->getStorage('node')->load($iNid);
+
+ $access_allowed = TRUE;
+
+ foreach ($node->getFields() as $field) {
+ if ($field->getFieldDefinition()->getType() == 'entity_reference' && $field->getFieldDefinition()->getSetting('target_type') == 'taxonomy_term') {
+ $aReferencedTaxonomyTerms = $field->getValue();
+ if (!empty($aReferencedTaxonomyTerms)) {
+ foreach ($aReferencedTaxonomyTerms as $aReferencedTerm) {
+ if (isset($aReferencedTerm['target_id']) && !$this->isAccessAllowedByDatabase($aReferencedTerm['target_id'], $uid)) {
+ $access_allowed = FALSE;
+ }
+ }
+ }
+ }
+ }
+
+ return $access_allowed;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function viewContainsNode($view) {
+ $bViewContainsNodes = FALSE;
+
+ foreach ($view->result as $view_result) {
+ if (array_key_exists('nid', $view_result) === TRUE) {
+ $bViewContainsNodes = TRUE;
+ break;
+ }
+ }
+ return $bViewContainsNodes;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function removeForbiddenNodesFromView(&$view) {
+ $aNodesToHideInView = [];
+
+ // Iterate over all nodes in view.
+ foreach ($view->result as $v) {
+
+ if ($this->canUserAccessByNodeId($v->nid) === FALSE) {
+ $aNodesToHideInView[] = $v->nid;
+ }
+
+ }
+
+ $counter = 0;
+
+ foreach ($view->result as $v) {
+ if (in_array($v->nid, $aNodesToHideInView)) {
+ unset($view->result[$counter]);
+ }
+ $counter++;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isAccessAllowedByDatabase($tid, $uid = FALSE) {
+
+ if ($uid === FALSE) {
+ $user = \Drupal::currentUser();
+ } elseif (is_numeric($uid)) {
+ $user = User::load($uid);
+ }
+
+ // Admin can access everything (user id "1").
+ if ($user->id() == 1) {
+ return TRUE;
+ }
+
+ $tid = intval($tid);
+
+ if (!$this->isAnyPermissionSetForTerm($tid)) {
+ return TRUE;
+ }
+
+ /* At this point permissions are enabled, check to see if this user or one
+ * of their roles is allowed.
+ */
+ $aUserRoles = $user->getRoles();
+
+ foreach ($aUserRoles as $sUserRole) {
+
+ if ($this->isTermAllowedByUserRole($tid, $sUserRole)) {
+ return TRUE;
+ }
+
+ }
+
+ $iUid = intval($user->id());
+
+ if ($this->isTermAllowedByUserId($tid, $iUid)) {
+ return TRUE;
+ }
+
+ return FALSE;
+
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isTermAllowedByUserId($tid, $iUid) {
+
+ $query_result = db_query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid",
+ [':tid' => $tid, ':uid' => $iUid])->fetchField();
+
+ if (!empty($query_result)) {
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isTermAllowedByUserRole($tid, $sUserRole) {
+ $query_result = db_query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles)",
+ [':tid' => $tid, ':user_roles' => $sUserRole])->fetchField();
+
+ if (!empty($query_result)) {
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isAnyPermissionSetForTerm($tid) {
+
+ $iUserTableResults = intval(db_query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid",
+ [':tid' => $tid])->fetchField());
+
+ $iRoleTableResults = intval(db_query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid",
+ [':tid' => $tid])->fetchField());
+
+ if ($iUserTableResults > 0 ||
+ $iRoleTableResults > 0) {
+ return TRUE;
+ }
+
+ }
+
+}