/**
 * Builds the cache context string for the current user's node grants.
 *
 * The returned value is a cache context (see @return), so it is expected to
 * differ whenever the grants that decide access differ. Every realm and grant
 * ID returned by node_access_grants() is therefore encoded into it.
 *
 * @param string $operation
 *   The operation to check the node grants for.
 *
 * @return string
 *   The string representation of the cache context: 'view.all' for a global
 *   view grant, otherwise '<operation>.<realm>:<gid>,<gid>;<realm>:...'.
 */
protected function checkNodeGrants($operation) {
  // A user holding the global view grant (a view grant for node ID 0) needs
  // no per-realm breakdown. This is also the case when no node access modules
  // exist, i.e. there are no hook_node_grants() implementations. All such
  // users share one context value.
  $is_view = ($operation === 'view');
  if ($is_view && node_access_view_all_nodes($this->user)) {
    return 'view.all';
  }

  $grants = node_access_grants($operation, $this->user);

  // Serialize each realm as "realm:gid,gid,...".
  // NOTE(review): assumes realm names never contain ':' or ';'. If they
  // could, two different grant sets might serialize to the same string and
  // share cached output. Confirm against the node access modules in use.
  $realm_parts = array_map(
    static function ($realm, $gids) {
      return $realm . ':' . implode(',', $gids);
    },
    array_keys($grants),
    $grants
  );

  return $operation . '.' . implode(';', $realm_parts);
}
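/**
 * Perform alterations to a structured query for a given tag.
 *
 * This sample implementation limits a node query to rows the account may
 * access: it joins the node_access table and requires a matching grant for
 * the requested operation.
 *
 * @param QueryAlterableInterface $query
 *   A Query object describing the composite parts of a SQL query.
 *
 * @see hook_query_alter()
 * @see node_query_node_access_alter()
 * @see QueryAlterableInterface
 * @see SelectQueryInterface
 */
function hook_query_TAG_alter(QueryAlterableInterface $query) {
  // Resolve the account once and use it for every access decision below.
  // Otherwise the "view all" and "bypass" checks would be evaluated for the
  // current user while the grants are collected for the query's 'account'
  // metadata, and a privileged current user could lift the restriction on a
  // query run on behalf of someone else. A NULL account makes all three
  // calls fall back to the current user, as before.
  $account = $query->getMetaData('account');

  // Skip the extra expensive alterations if site has no node access control modules.
  if (node_access_view_all_nodes($account)) {
    return;
  }

  // Prevent duplicate records.
  $query->distinct();

  // The recognized operations are 'view', 'update', 'delete'. $op becomes
  // part of a column name further down, so it must only ever be set by code
  // to one of those values, never taken from request input.
  $op = $query->getMetaData('op') ?: 'view';

  // Skip the extra joins and conditions for node admins.
  if (user_access('bypass node access', $account)) {
    return;
  }

  // The node_access table has the access grants for any given node.
  // NOTE(review): the join condition assumes the node table is aliased 'n'
  // in the query being altered.
  $access_alias = $query->join('node_access', 'na', '%alias.nid = n.nid');

  // If any grant exists for the specified user, then user has access to the
  // node for the specified operation.
  $or = db_or();
  foreach (node_access_grants($op, $account) as $realm => $gids) {
    foreach ($gids as $gid) {
      $or->condition(db_and()
        ->condition($access_alias . '.gid', $gid)
        ->condition($access_alias . '.realm', $realm)
      );
    }
  }

  if (count($or->conditions())) {
    $query->condition($or);
  }

  // Qualify the column as "<alias>.grant_<op>". Without the dot the field
  // name becomes e.g. "nagrant_view", which is not a column of node_access.
  $query->condition($access_alias . '.grant_' . $op, 1, '>=');
}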