/**
* Set permissions for a node to be written to the database.
*
* When a node is saved, a module implementing hook_node_access_records() will
* be asked if it is interested in the access permissions for a node. If it is
* interested, it must respond with an array of permissions arrays for that
* node.
*
* Node access grants apply regardless of the published or unpublished status
* of the node. Implementations must make sure not to grant access to
* unpublished nodes if they don't want to change the standard access control
* behavior. Your module may need to create a separate access realm to handle
* access to unpublished nodes.
*
* Note that the grant values in the return value from your hook must be
* integers and not boolean TRUE and FALSE.
*
* Each permissions item in the array is an array with the following elements:
* - 'realm': The name of a realm that the module has defined in
* hook_node_grants().
* - 'gid': A 'grant ID' from hook_node_grants().
* - 'grant_view': If set to 1 a user that has been identified as a member
* of this gid within this realm can view this node. This should usually be
* set to $node->isPublished(). Failure to do so may expose unpublished content
* to some users.
* - 'grant_update': If set to 1 a user that has been identified as a member
* of this gid within this realm can edit this node.
* - 'grant_delete': If set to 1 a user that has been identified as a member
* of this gid within this realm can delete this node.
* - langcode: (optional) The language code of a specific translation of the
* node, if any. Modules may add this key to grant different access to
* different translations of a node, such that (e.g.) a particular group is
* granted access to edit the Catalan version of the node, but not the
* Hungarian version. If no value is provided, the langcode is set
* automatically from the $node parameter and the node's original language (if
* specified) is used as a fallback. Only specify multiple grant records with
* different languages for a node if the site has those languages configured.
*
* A "deny all" grant may be used to deny all access to a particular node or
* node translation:
* @code
* $grants[] = array(
* 'realm' => 'all',
* 'gid' => 0,
* 'grant_view' => 0,
* 'grant_update' => 0,
* 'grant_delete' => 0,
* 'langcode' => 'ca',
* );
* @endcode
* Note that another module node access module could override this by granting
* access to one or more nodes, since grants are additive. To enforce that
* access is denied in a particular case, use hook_node_access_records_alter().
* Also note that a deny all is not written to the database; denies are
* implicit.
*
* @param \Drupal\node\NodeInterface $node
* The node that has just been saved.
*
* @return
* An array of grants as defined above.
*
* @see hook_node_access_records_alter()
* @ingroup node_access
*/
function hook_node_access_records(\Drupal\node\NodeInterface $node)
{
// We only care about the node if it has been marked private. If not, it is
// treated just like any other node and we completely ignore it.
if ($node->private->value) {
$grants = array();
// Only published Catalan translations of private nodes should be viewable
// to all users. If we fail to check $node->isPublished(), all users would be able
// to view an unpublished node.
if ($node->isPublished()) {
$grants[] = array('realm' => 'example', 'gid' => 1, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0, 'langcode' => 'ca');
}
// For the example_author array, the GID is equivalent to a UID, which
// means there are many groups of just 1 user.
// Note that an author can always view his or her nodes, even if they
// have status unpublished.
if ($node->getOwnerId()) {
$grants[] = array('realm' => 'example_author', 'gid' => $node->getOwnerId(), 'grant_view' => 1, 'grant_update' => 1, 'grant_delete' => 1, 'langcode' => 'ca');
}
return $grants;
}
}
