X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fpermissions_by_term%2Fsrc%2FService%2FAccessCheck.php;fp=web%2Fmodules%2Fcontrib%2Fpermissions_by_term%2Fsrc%2FService%2FAccessCheck.php;h=e558f085ee29eab4bc3cc6feef17088dba845ce3;hp=9e1c03b2b059cab39c160a1350ecfcdd434e8333;hb=af6d1fb995500ae68849458ee10d66abbdcfb252;hpb=680c79a86e3ed402f263faeac92e89fb6d9edcc0

diff --git a/web/modules/contrib/permissions_by_term/src/Service/AccessCheck.php b/web/modules/contrib/permissions_by_term/src/Service/AccessCheck.php
index 9e1c03b2b..e558f085e 100644
--- a/web/modules/contrib/permissions_by_term/src/Service/AccessCheck.php
+++ b/web/modules/contrib/permissions_by_term/src/Service/AccessCheck.php
@@ -2,11 +2,12 @@
 
 namespace Drupal\permissions_by_term\Service;
 
+use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
 use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Database\Connection;
-use Drupal\user\Entity\User;
-use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
 use Drupal\permissions_by_term\Event\PermissionsByTermDeniedEvent;
+use Drupal\user\Entity\User;
+use Drupal\taxonomy\Entity\Term;
 
 /**
  * AccessCheckService class.
@@ -37,9 +38,17 @@ class AccessCheck {
   }
 
   /**
-   * @return bool
+   * @param int $nid
+   * @param bool $uid
+   * @param string $langcode
+   *
+   * @return array|bool
    */
-  public function canUserAccessByNodeId($nid, $uid = FALSE) {
+  public function canUserAccessByNodeId($nid, $uid = FALSE, $langcode = 'en') {
+    if (\Drupal::currentUser()->hasPermission('bypass node access')) {
+      return TRUE;
+    }
+
     if (!$singleTermRestriction = \Drupal::config('permissions_by_term.settings.single_term_restriction')->get('value')) {
       $access_allowed = TRUE;
     } else {
@@ -50,16 +59,24 @@ class AccessCheck {
       ->query("SELECT tid FROM {taxonomy_index} WHERE nid = :nid",
       [':nid' => $nid])->fetchAll();
 
+    if (empty($terms)) {
+      return TRUE;
+    }
+
     foreach ($terms as $term) {
-      $access_allowed = $this->isAccessAllowedByDatabase($term->tid, $uid);
-      if (!$access_allowed) {
-        if ($singleTermRestriction) {
-          return $access_allowed;
+      $termInfo = Term::load($term->tid);
+
+      if ($termInfo->get('langcode')->getLangcode() == $langcode) {
+        $access_allowed = $this->isAccessAllowedByDatabase($term->tid, $uid, $termInfo->get('langcode')->getLangcode());
+        if (!$access_allowed) {
+          if ($singleTermRestriction) {
+            return $access_allowed;
+          }
         }
-      }
 
-      if ($access_allowed && !$singleTermRestriction) {
-        return $access_allowed;
+        if ($access_allowed && !$singleTermRestriction) {
+          return $access_allowed;
+        }
       }
 
     }
@@ -70,24 +87,20 @@ class AccessCheck {
   /**
    * @param int      $tid
    * @param bool|int $uid
-   * @return array
+   * @param string   $langcode
+   * @return bool
    */
-  public function isAccessAllowedByDatabase($tid, $uid = FALSE) {
+  public function isAccessAllowedByDatabase($tid, $uid = FALSE, $langcode = 'en') {
 
-    if ($uid === FALSE) {
+    if ($uid === FALSE || (int) $uid === 0) {
       $user = \Drupal::currentUser();
     } elseif (is_numeric($uid)) {
       $user = User::load($uid);
     }
 
-    // Admin can access everything (user id "1").
-    if ($user->id() == 1) {
-      return TRUE;
-    }
-
-    $tid = intval($tid);
+    $tid = (int) $tid;
 
-    if (!$this->isAnyPermissionSetForTerm($tid)) {
+    if (!$this->isAnyPermissionSetForTerm($tid, $langcode)) {
       return TRUE;
     }
 
@@ -98,7 +111,7 @@ class AccessCheck {
 
     foreach ($aUserRoles as $sUserRole) {
 
-      if ($this->isTermAllowedByUserRole($tid, $sUserRole)) {
+      if ($this->isTermAllowedByUserRole($tid, $sUserRole, $langcode)) {
         return TRUE;
       }
 
@@ -106,7 +119,7 @@ class AccessCheck {
 
     $iUid = intval($user->id());
 
-    if ($this->isTermAllowedByUserId($tid, $iUid)) {
+    if ($this->isTermAllowedByUserId($tid, $iUid, $langcode)) {
       return TRUE;
     }
 
@@ -115,14 +128,15 @@ class AccessCheck {
   }
 
   /**
-   * @param int $tid
-   * @param int $iUid
+   * @param int    $tid
+   * @param int    $iUid
+   * @param string $langcode
    *
    * @return bool
    */
-  private function isTermAllowedByUserId($tid, $iUid) {
-    $query_result = $this->database->query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid",
-      [':tid' => $tid, ':uid' => $iUid])->fetchField();
+  private function isTermAllowedByUserId($tid, $iUid, $langcode) {
+    $query_result = $this->database->query("SELECT uid FROM {permissions_by_term_user} WHERE tid = :tid AND uid = :uid AND langcode = :langcode",
+      [':tid' => $tid, ':uid' => $iUid, ':langcode' => $langcode])->fetchField();
 
     if (!empty($query_result)) {
       return TRUE;
@@ -135,12 +149,13 @@ class AccessCheck {
   /**
    * @param int    $tid
    * @param string $sUserRole
+   * @param string $langcode
    *
    * @return bool
    */
-  public function isTermAllowedByUserRole($tid, $sUserRole) {
-    $query_result = $this->database->query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles)",
-      [':tid' => $tid, ':user_roles' => $sUserRole])->fetchField();
+  public function isTermAllowedByUserRole($tid, $sUserRole, $langcode) {
+    $query_result = $this->database->query("SELECT rid FROM {permissions_by_term_role} WHERE tid = :tid AND rid IN (:user_roles) AND langcode = :langcode",
+      [':tid' => $tid, ':user_roles' => $sUserRole, ':langcode' => $langcode])->fetchField();
 
     if (!empty($query_result)) {
       return TRUE;
@@ -152,17 +167,17 @@ class AccessCheck {
   }
 
   /**
-   * @param int $tid
+   * @param int    $tid
+   * @param string $langcode
    *
    * @return bool
    */
-  public function isAnyPermissionSetForTerm($tid) {
-
-    $iUserTableResults = intval($this->database->query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid",
-      [':tid' => $tid])->fetchField());
+  public function isAnyPermissionSetForTerm($tid, $langcode = 'en') {
+    $iUserTableResults = intval($this->database->query("SELECT COUNT(1) FROM {permissions_by_term_user} WHERE tid = :tid AND langcode = :langcode",
+      [':tid' => $tid, ':langcode' => $langcode])->fetchField());
 
-    $iRoleTableResults = intval($this->database->query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid",
-      [':tid' => $tid])->fetchField());
+    $iRoleTableResults = intval($this->database->query("SELECT COUNT(1) FROM {permissions_by_term_role} WHERE tid = :tid AND langcode = :langcode",
+      [':tid' => $tid, ':langcode' => $langcode])->fetchField());
 
     if ($iUserTableResults > 0 ||
       $iRoleTableResults > 0) {
@@ -172,10 +187,13 @@ class AccessCheck {
   }
 
   /**
+   * @param string $nodeId
+   * @param string $langcode
+   *
    * @return AccessResult
    */
-  public function handleNode($nodeId) {
-    if ($this->canUserAccessByNodeId($nodeId) === TRUE) {
+  public function handleNode($nodeId, $langcode) {
+    if ($this->canUserAccessByNodeId($nodeId, false, $langcode) === TRUE) {
       return AccessResult::neutral();
     }
     else {