Home Explore Help
Sign In
kevin
/
Popsu-coloque
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 23e66d3cb0
Branches Tags
Popsu-coloque
/
web
/
core
/
modules
/
comment
/
src
/
CommentAccessControlHandler.php

CommentAccessControlHandler.php 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\comment;
    4. 

  4. 

  5. use Drupal\Core\Access\AccessResult;
    6. 

  6. use Drupal\Core\Entity\EntityAccessControlHandler;
    7. 

  7. use Drupal\Core\Entity\EntityInterface;
    8. 

  8. use Drupal\Core\Field\FieldDefinitionInterface;
    9. 

  9. use Drupal\Core\Field\FieldItemListInterface;
    10. 

  10. use Drupal\Core\Session\AccountInterface;
    11. 

  11. 

  12. /**
    13. 

  13.  * Defines the access control handler for the comment entity type.
    14. 

  14.  *
    15. 

  15.  * @see \Drupal\comment\Entity\Comment
    16. 

  16.  */
    17. 

  17. class CommentAccessControlHandler extends EntityAccessControlHandler {
    18. 

  18. 

  19.   /**
    20. 

  20.    * {@inheritdoc}
    21. 

  21.    */
    22. 

  22.   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    23. 

  23.     /** @var \Drupal\comment\CommentInterface|\Drupal\user\EntityOwnerInterface $entity */
    24. 

  24. 

  25.     $comment_admin = $account->hasPermission('administer comments');
    26. 

  26.     if ($operation == 'approve') {
    27. 

  27.       return AccessResult::allowedIf($comment_admin && !$entity->isPublished())
    28. 

  28.         ->cachePerPermissions()
    29. 

  29.         ->addCacheableDependency($entity);
    30. 

  30.     }
    31. 

  31. 

  32.     if ($comment_admin) {
    33. 

  33.       $access = AccessResult::allowed()->cachePerPermissions();
    34. 

  34.       return ($operation != 'view') ? $access : $access->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE));
    35. 

  35.     }
    36. 

  36. 

  37.     switch ($operation) {
    38. 

  38.       case 'view':
    39. 

  39.         $access_result = AccessResult::allowedIf($account->hasPermission('access comments') && $entity->isPublished())->cachePerPermissions()->addCacheableDependency($entity)
    40. 

  40.           ->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE));
    41. 

  41.         if (!$access_result->isAllowed()) {
    42. 

  42.           $access_result->setReason("The 'access comments' permission is required and the comment must be published.");
    43. 

  43.         }
    44. 

  44. 

  45.         return $access_result;
    46. 

  46. 

  47.       case 'update':
    48. 

  48.         $access_result = AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))
    49. 

  49.           ->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
    50. 

  50.         if (!$access_result->isAllowed()) {
    51. 

  51.           $access_result->setReason("The 'edit own comments' permission is required, the user must be the comment author, and the comment must be published.");
    52. 

  52.         }
    53. 

  53.         return $access_result;
    54. 

  54. 

  55.       default:
    56. 

  56.         // No opinion.
    57. 

  57.         return AccessResult::neutral()->cachePerPermissions();
    58. 

  58.     }
    59. 

  59.   }
    60. 

  60. 

  61.   /**
    62. 

  62.    * {@inheritdoc}
    63. 

  63.    */
    64. 

  64.   protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    65. 

  65.     return AccessResult::allowedIfHasPermission($account, 'post comments');
    66. 

  66.   }
    67. 

  67. 

  68.   /**
    69. 

  69.    * {@inheritdoc}
    70. 

  70.    */
    71. 

  71.   protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
    72. 

  72.     if ($operation == 'edit') {
    73. 

  73.       // Only users with the "administer comments" permission can edit
    74. 

  74.       // administrative fields.
    75. 

  75.       $administrative_fields = [
    76. 

  76.         'uid',
    77. 

  77.         'status',
    78. 

  78.         'created',
    79. 

  79.         'date',
    80. 

  80.       ];
    81. 

  81.       if (in_array($field_definition->getName(), $administrative_fields, TRUE)) {
    82. 

  82.         return AccessResult::allowedIfHasPermission($account, 'administer comments');
    83. 

  83.       }
    84. 

  84. 

  85.       // No user can change read-only fields.
    86. 

  86.       $read_only_fields = [
    87. 

  87.         'hostname',
    88. 

  88.         'changed',
    89. 

  89.         'cid',
    90. 

  90.         'thread',
    91. 

  91.       ];
    92. 

  92.       // These fields can be edited during comment creation.
    93. 

  93.       $create_only_fields = [
    94. 

  94.         'comment_type',
    95. 

  95.         'uuid',
    96. 

  96.         'entity_id',
    97. 

  97.         'entity_type',
    98. 

  98.         'field_name',
    99. 

  99.         'pid',
    100. 

  100.       ];
    101. 

  101.       if ($items && ($entity = $items->getEntity()) && $entity->isNew() && in_array($field_definition->getName(), $create_only_fields, TRUE)) {
    102. 

  102.         // We are creating a new comment, user can edit create only fields.
    103. 

  103.         return AccessResult::allowedIfHasPermission($account, 'post comments')->addCacheableDependency($entity);
    104. 

  104.       }
    105. 

  105.       // We are editing an existing comment - create only fields are now read
    106. 

  106.       // only.
    107. 

  107.       $read_only_fields = array_merge($read_only_fields, $create_only_fields);
    108. 

  108.       if (in_array($field_definition->getName(), $read_only_fields, TRUE)) {
    109. 

  109.         return AccessResult::forbidden();
    110. 

  110.       }
    111. 

  111. 

  112.       // If the field is configured to accept anonymous contact details - admins
    113. 

  113.       // can edit name, homepage and mail. Anonymous users can also fill in the
    114. 

  114.       // fields on comment creation.
    115. 

  115.       if (in_array($field_definition->getName(), ['name', 'mail', 'homepage'], TRUE)) {
    116. 

  116.         if (!$items) {
    117. 

  117.           // We cannot make a decision about access to edit these fields if we
    118. 

  118.           // don't have any items and therefore cannot determine the Comment
    119. 

  119.           // entity. In this case we err on the side of caution and prevent edit
    120. 

  120.           // access.
    121. 

  121.           return AccessResult::forbidden();
    122. 

  122.         }
    123. 

  123.         $is_name = $field_definition->getName() === 'name';
    124. 

  124.         /** @var \Drupal\comment\CommentInterface $entity */
    125. 

  125.         $entity = $items->getEntity();
    126. 

  126.         $commented_entity = $entity->getCommentedEntity();
    127. 

  127.         $anonymous_contact = $commented_entity->get($entity->getFieldName())->getFieldDefinition()->getSetting('anonymous');
    128. 

  128.         $admin_access = AccessResult::allowedIfHasPermission($account, 'administer comments');
    129. 

  129.         $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && ($anonymous_contact != CommentInterface::ANONYMOUS_MAYNOT_CONTACT || $is_name) && $account->hasPermission('post comments'))
    130. 

  130.           ->cachePerPermissions()
    131. 

  131.           ->addCacheableDependency($entity)
    132. 

  132.           ->addCacheableDependency($field_definition->getConfig($commented_entity->bundle()))
    133. 

  133.           ->addCacheableDependency($commented_entity);
    134. 

  134.         return $admin_access->orIf($anonymous_access);
    135. 

  135.       }
    136. 

  136.     }
    137. 

  137. 

  138.     if ($operation == 'view') {
    139. 

  139.       // Nobody has access to the hostname.
    140. 

  140.       if ($field_definition->getName() == 'hostname') {
    141. 

  141.         return AccessResult::forbidden();
    142. 

  142.       }
    143. 

  143.       // The mail field is hidden from non-admins.
    144. 

  144.       if ($field_definition->getName() == 'mail') {
    145. 

  145.         return AccessResult::allowedIfHasPermission($account, 'administer comments');
    146. 

  146.       }
    147. 

  147.     }
    148. 

  148.     return parent::checkFieldAccess($operation, $field_definition, $account, $items);
    149. 

  149.   }
    150. 

  150. 

  151. }
    152.