Головна сторінка Огляд Довідка
Увійти
bachir
/
edlp_d8
1
0
Відгалуження 0
Файли Проблеми 8 Запити на злиття 0 Wiki
Дерево: afcb9d9c34
Гілки Теги
edlp_d8
/
core
/
modules
/
node
/
src
/
NodeGrantDatabaseStorage.php

NodeGrantDatabaseStorage.php 9.8 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\node;
    4. 

  4. 

  5. use Drupal\Core\Access\AccessResult;
    6. 

  6. use Drupal\Core\Database\Connection;
    7. 

  7. use Drupal\Core\Database\Query\SelectInterface;
    8. 

  8. use Drupal\Core\Database\Query\Condition;
    9. 

  9. use Drupal\Core\Extension\ModuleHandlerInterface;
    10. 

  10. use Drupal\Core\Language\LanguageManagerInterface;
    11. 

  11. use Drupal\Core\Session\AccountInterface;
    12. 

  12. 

  13. /**
    14. 

  14.  * Defines a storage handler class that handles the node grants system.
    15. 

  15.  *
    16. 

  16.  * This is used to build node query access.
    17. 

  17.  *
    18. 

  18.  * @ingroup node_access
    19. 

  19.  */
    20. 

  20. class NodeGrantDatabaseStorage implements NodeGrantDatabaseStorageInterface {
    21. 

  21. 

  22.   /**
    23. 

  23.    * The database connection.
    24. 

  24.    *
    25. 

  25.    * @var \Drupal\Core\Database\Connection
    26. 

  26.    */
    27. 

  27.   protected $database;
    28. 

  28. 

  29.   /**
    30. 

  30.    * The module handler.
    31. 

  31.    *
    32. 

  32.    * @var \Drupal\Core\Extension\ModuleHandlerInterface
    33. 

  33.    */
    34. 

  34.   protected $moduleHandler;
    35. 

  35. 

  36.   /**
    37. 

  37.    * The language manager.
    38. 

  38.    *
    39. 

  39.    * @var \Drupal\Core\Language\LanguageManagerInterface
    40. 

  40.    */
    41. 

  41.   protected $languageManager;
    42. 

  42. 

  43.   /**
    44. 

  44.    * Constructs a NodeGrantDatabaseStorage object.
    45. 

  45.    *
    46. 

  46.    * @param \Drupal\Core\Database\Connection $database
    47. 

  47.    *   The database connection.
    48. 

  48.    * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
    49. 

  49.    *   The module handler.
    50. 

  50.    * @param \Drupal\Core\Language\LanguageManagerInterface $language_manager
    51. 

  51.    *   The language manager.
    52. 

  52.    */
    53. 

  53.   public function __construct(Connection $database, ModuleHandlerInterface $module_handler, LanguageManagerInterface $language_manager) {
    54. 

  54.     $this->database = $database;
    55. 

  55.     $this->moduleHandler = $module_handler;
    56. 

  56.     $this->languageManager = $language_manager;
    57. 

  57.   }
    58. 

  58. 

  59.   /**
    60. 

  60.    * {@inheritdoc}
    61. 

  61.    */
    62. 

  62.   public function access(NodeInterface $node, $operation, AccountInterface $account) {
    63. 

  63.     // Grants only support these operations.
    64. 

  64.     if (!in_array($operation, ['view', 'update', 'delete'])) {
    65. 

  65.       return AccessResult::neutral();
    66. 

  66.     }
    67. 

  67. 

  68.     // If no module implements the hook or the node does not have an id there is
    69. 

  69.     // no point in querying the database for access grants.
    70. 

  70.     if (!$this->moduleHandler->getImplementations('node_grants') || !$node->id()) {
    71. 

  71.       // Return the equivalent of the default grant, defined by
    72. 

  72.       // self::writeDefault().
    73. 

  73.       if ($operation === 'view') {
    74. 

  74.         return AccessResult::allowedIf($node->isPublished())->addCacheableDependency($node);
    75. 

  75.       }
    76. 

  76.       else {
    77. 

  77.         return AccessResult::neutral();
    78. 

  78.       }
    79. 

  79.     }
    80. 

  80. 

  81.     // Check the database for potential access grants.
    82. 

  82.     $query = $this->database->select('node_access');
    83. 

  83.     $query->addExpression('1');
    84. 

  84.     // Only interested for granting in the current operation.
    85. 

  85.     $query->condition('grant_' . $operation, 1, '>=');
    86. 

  86.     // Check for grants for this node and the correct langcode.
    87. 

  87.     $nids = $query->andConditionGroup()
    88. 

  88.       ->condition('nid', $node->id())
    89. 

  89.       ->condition('langcode', $node->language()->getId());
    90. 

  90.     // If the node is published, also take the default grant into account. The
    91. 

  91.     // default is saved with a node ID of 0.
    92. 

  92.     $status = $node->isPublished();
    93. 

  93.     if ($status) {
    94. 

  94.       $nids = $query->orConditionGroup()
    95. 

  95.         ->condition($nids)
    96. 

  96.         ->condition('nid', 0);
    97. 

  97.     }
    98. 

  98.     $query->condition($nids);
    99. 

  99.     $query->range(0, 1);
    100. 

  100. 

  101.     $grants = static::buildGrantsQueryCondition(node_access_grants($operation, $account));
    102. 

  102. 

  103.     if (count($grants) > 0) {
    104. 

  104.       $query->condition($grants);
    105. 

  105.     }
    106. 

  106. 

  107.     // Only the 'view' node grant can currently be cached; the others currently
    108. 

  108.     // don't have any cacheability metadata. Hopefully, we can add that in the
    109. 

  109.     // future, which would allow this access check result to be cacheable in all
    110. 

  110.     // cases. For now, this must remain marked as uncacheable, even when it is
    111. 

  111.     // theoretically cacheable, because we don't have the necessary metadata to
    112. 

  112.     // know it for a fact.
    113. 

  113.     $set_cacheability = function (AccessResult $access_result) use ($operation) {
    114. 

  114.       $access_result->addCacheContexts(['user.node_grants:' . $operation]);
    115. 

  115.       if ($operation !== 'view') {
    116. 

  116.         $access_result->setCacheMaxAge(0);
    117. 

  117.       }
    118. 

  118.       return $access_result;
    119. 

  119.     };
    120. 

  120. 

  121.     if ($query->execute()->fetchField()) {
    122. 

  122.       return $set_cacheability(AccessResult::allowed());
    123. 

  123.     }
    124. 

  124.     else {
    125. 

  125.       return $set_cacheability(AccessResult::neutral());
    126. 

  126.     }
    127. 

  127.   }
    128. 

  128. 

  129.   /**
    130. 

  130.    * {@inheritdoc}
    131. 

  131.    */
    132. 

  132.   public function checkAll(AccountInterface $account) {
    133. 

  133.     $query = $this->database->select('node_access');
    134. 

  134.     $query->addExpression('COUNT(*)');
    135. 

  135.     $query
    136. 

  136.       ->condition('nid', 0)
    137. 

  137.       ->condition('grant_view', 1, '>=');
    138. 

  138. 

  139.     $grants = static::buildGrantsQueryCondition(node_access_grants('view', $account));
    140. 

  140. 

  141.     if (count($grants) > 0) {
    142. 

  142.       $query->condition($grants);
    143. 

  143.     }
    144. 

  144.     return $query->execute()->fetchField();
    145. 

  145.   }
    146. 

  146. 

  147.   /**
    148. 

  148.    * {@inheritdoc}
    149. 

  149.    */
    150. 

  150.   public function alterQuery($query, array $tables, $op, AccountInterface $account, $base_table) {
    151. 

  151.     if (!$langcode = $query->getMetaData('langcode')) {
    152. 

  152.       $langcode = FALSE;
    153. 

  153.     }
    154. 

  154. 

  155.     // Find all instances of the base table being joined -- could appear
    156. 

  156.     // more than once in the query, and could be aliased. Join each one to
    157. 

  157.     // the node_access table.
    158. 

  158.     $grants = node_access_grants($op, $account);
    159. 

  159.     foreach ($tables as $nalias => $tableinfo) {
    160. 

  160.       $table = $tableinfo['table'];
    161. 

  161.       if (!($table instanceof SelectInterface) && $table == $base_table) {
    162. 

  162.         // Set the subquery.
    163. 

  163.         $subquery = $this->database->select('node_access', 'na')
    164. 

  164.           ->fields('na', ['nid']);
    165. 

  165. 

  166.         // If any grant exists for the specified user, then user has access to the
    167. 

  167.         // node for the specified operation.
    168. 

  168.         $grant_conditions = static::buildGrantsQueryCondition($grants);
    169. 

  169. 

  170.         // Attach conditions to the subquery for nodes.
    171. 

  171.         if (count($grant_conditions->conditions())) {
    172. 

  172.           $subquery->condition($grant_conditions);
    173. 

  173.         }
    174. 

  174.         $subquery->condition('na.grant_' . $op, 1, '>=');
    175. 

  175. 

  176.         // Add langcode-based filtering if this is a multilingual site.
    177. 

  177.         if (\Drupal::languageManager()->isMultilingual()) {
    178. 

  178.           // If no specific langcode to check for is given, use the grant entry
    179. 

  179.           // which is set as a fallback.
    180. 

  180.           // If a specific langcode is given, use the grant entry for it.
    181. 

  181.           if ($langcode === FALSE) {
    182. 

  182.             $subquery->condition('na.fallback', 1, '=');
    183. 

  183.           }
    184. 

  184.           else {
    185. 

  185.             $subquery->condition('na.langcode', $langcode, '=');
    186. 

  186.           }
    187. 

  187.         }
    188. 

  188. 

  189.         $field = 'nid';
    190. 

  190.         // Now handle entities.
    191. 

  191.         $subquery->where("$nalias.$field = na.nid");
    192. 

  192. 

  193.         $query->exists($subquery);
    194. 

  194.       }
    195. 

  195.     }
    196. 

  196.   }
    197. 

  197. 

  198.   /**
    199. 

  199.    * {@inheritdoc}
    200. 

  200.    */
    201. 

  201.   public function write(NodeInterface $node, array $grants, $realm = NULL, $delete = TRUE) {
    202. 

  202.     if ($delete) {
    203. 

  203.       $query = $this->database->delete('node_access')->condition('nid', $node->id());
    204. 

  204.       if ($realm) {
    205. 

  205.         $query->condition('realm', [$realm, 'all'], 'IN');
    206. 

  206.       }
    207. 

  207.       $query->execute();
    208. 

  208.     }
    209. 

  209.     // Only perform work when node_access modules are active.
    210. 

  210.     if (!empty($grants) && count($this->moduleHandler->getImplementations('node_grants'))) {
    211. 

  211.       $query = $this->database->insert('node_access')->fields(['nid', 'langcode', 'fallback', 'realm', 'gid', 'grant_view', 'grant_update', 'grant_delete']);
    212. 

  212.       // If we have defined a granted langcode, use it. But if not, add a grant
    213. 

  213.       // for every language this node is translated to.
    214. 

  214.       $fallback_langcode = $node->getUntranslated()->language()->getId();
    215. 

  215.       foreach ($grants as $grant) {
    216. 

  216.         if ($realm && $realm != $grant['realm']) {
    217. 

  217.           continue;
    218. 

  218.         }
    219. 

  219.         if (isset($grant['langcode'])) {
    220. 

  220.           $grant_languages = [$grant['langcode'] => $this->languageManager->getLanguage($grant['langcode'])];
    221. 

  221.         }
    222. 

  222.         else {
    223. 

  223.           $grant_languages = $node->getTranslationLanguages(TRUE);
    224. 

  224.         }
    225. 

  225.         foreach ($grant_languages as $grant_langcode => $grant_language) {
    226. 

  226.           // Only write grants; denies are implicit.
    227. 

  227.           if ($grant['grant_view'] || $grant['grant_update'] || $grant['grant_delete']) {
    228. 

  228.             $grant['nid'] = $node->id();
    229. 

  229.             $grant['langcode'] = $grant_langcode;
    230. 

  230.             // The record with the original langcode is used as the fallback.
    231. 

  231.             if ($grant['langcode'] == $fallback_langcode) {
    232. 

  232.               $grant['fallback'] = 1;
    233. 

  233.             }
    234. 

  234.             else {
    235. 

  235.               $grant['fallback'] = 0;
    236. 

  236.             }
    237. 

  237.             $query->values($grant);
    238. 

  238.           }
    239. 

  239.         }
    240. 

  240.       }
    241. 

  241.       $query->execute();
    242. 

  242.     }
    243. 

  243.   }
    244. 

  244. 

  245.   /**
    246. 

  246.    * {@inheritdoc}
    247. 

  247.    */
    248. 

  248.   public function delete() {
    249. 

  249.     $this->database->truncate('node_access')->execute();
    250. 

  250.   }
    251. 

  251. 

  252.   /**
    253. 

  253.    * {@inheritdoc}
    254. 

  254.    */
    255. 

  255.   public function writeDefault() {
    256. 

  256.     $this->database->insert('node_access')
    257. 

  257.       ->fields([
    258. 

  258.           'nid' => 0,
    259. 

  259.           'realm' => 'all',
    260. 

  260.           'gid' => 0,
    261. 

  261.           'grant_view' => 1,
    262. 

  262.           'grant_update' => 0,
    263. 

  263.           'grant_delete' => 0,
    264. 

  264.         ])
    265. 

  265.       ->execute();
    266. 

  266.   }
    267. 

  267. 

  268.   /**
    269. 

  269.    * {@inheritdoc}
    270. 

  270.    */
    271. 

  271.   public function count() {
    272. 

  272.     return $this->database->query('SELECT COUNT(*) FROM {node_access}')->fetchField();
    273. 

  273.   }
    274. 

  274. 

  275.   /**
    276. 

  276.    * {@inheritdoc}
    277. 

  277.    */
    278. 

  278.   public function deleteNodeRecords(array $nids) {
    279. 

  279.     $this->database->delete('node_access')
    280. 

  280.       ->condition('nid', $nids, 'IN')
    281. 

  281.       ->execute();
    282. 

  282.   }
    283. 

  283. 

  284.   /**
    285. 

  285.    * Creates a query condition from an array of node access grants.
    286. 

  286.    *
    287. 

  287.    * @param array $node_access_grants
    288. 

  288.    *   An array of grants, as returned by node_access_grants().
    289. 

  289.    * @return \Drupal\Core\Database\Query\Condition
    290. 

  290.    *   A condition object to be passed to $query->condition().
    291. 

  291.    *
    292. 

  292.    * @see node_access_grants()
    293. 

  293.    */
    294. 

  294.   protected static function buildGrantsQueryCondition(array $node_access_grants) {
    295. 

  295.     $grants = new Condition("OR");
    296. 

  296.     foreach ($node_access_grants as $realm => $gids) {
    297. 

  297.       if (!empty($gids)) {
    298. 

  298.         $and = new Condition('AND');
    299. 

  299.         $grants->condition($and
    300. 

  300.           ->condition('gid', $gids, 'IN')
    301. 

  301.           ->condition('realm', $realm)
    302. 

  302.         );
    303. 

  303.       }
    304. 

  304.     }
    305. 

  305. 

  306.     return $grants;
    307. 

  307.   }
    308. 

  308. 

  309. }
    310.