/**
* Tests retaining of node form submissions containing profanity.
*/
function testRetain()
{
$this->drupalLogin($this->adminUser);
$this->setProtectionUI('node_article_form', FormInterface::MOLLOM_MODE_ANALYSIS, NULL, ['checks[profanity]' => TRUE, 'discard' => 0]);
$this->drupalLogout();
// Login and submit a node.
$this->drupalLogin($this->webUser);
$this->drupalGet('node/add/article');
$edit = ['title[0][value]' => 'profanity', 'body[0][value]' => 'ham profanity'];
$this->drupalPostForm(NULL, $edit, t('Save'));
$this->node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
debug($this->node, 'node');
$this->assertFalse($this->node->isPublished(), t('Node containing profanity was retained as unpublished.'));
$this->assertUrl('node/' . $this->node->id());
$this->assertMollomData('node', $this->node->id());
}
/**
* {@inheritdoc}
*/
public function access(NodeInterface $node, $operation, $langcode, AccountInterface $account)
{
// If no module implements the hook or the node does not have an id there is
// no point in querying the database for access grants.
if (!$this->moduleHandler->getImplementations('node_grants') || !$node->id()) {
return;
}
// Check the database for potential access grants.
$query = $this->database->select('node_access');
$query->addExpression('1');
// Only interested for granting in the current operation.
$query->condition('grant_' . $operation, 1, '>=');
// Check for grants for this node and the correct langcode.
$nids = $query->andConditionGroup()->condition('nid', $node->id())->condition('langcode', $langcode);
// If the node is published, also take the default grant into account. The
// default is saved with a node ID of 0.
$status = $node->isPublished();
if ($status) {
$nids = $query->orConditionGroup()->condition($nids)->condition('nid', 0);
}
$query->condition($nids);
$query->range(0, 1);
$grants = static::buildGrantsQueryCondition(node_access_grants($operation, $account));
if (count($grants) > 0) {
$query->condition($grants);
}
return $query->execute()->fetchField();
}
public function nodeGreeting(NodeInterface $node)
{
if ($node->isPublished()) {
$formatted = $node->body->processed;
foreach ($node->field_tags as $tag) {
$terms[] = $tag->entity->label();
}
return ['#theme' => 'greeting_node', '#title' => $node->label() . ' (' . $node->bundle() . ')', '#body' => $formatted, '#name' => $node->getOwner()->label(), '#terms' => $terms];
}
return ['#markup' => $this->t('Not published')];
}
public function nodeHug(NodeInterface $node)
{
if ($node->isPublished()) {
// These are the same!
$body = $node->body->value;
$body = $node->body[0]->value;
// But we really want...
$formatted = $node->body->processed;
$terms = [];
foreach ($node->field_tags as $tag) {
$terms[] = $tag->entity->label();
}
$message = $this->t('Everyone hug @name because @reasons!', ['@name' => $node->getOwner()->label(), '@reasons' => implode(', ', $terms)]);
return ['#title' => $node->label() . ' (' . $node->bundle() . ')', '#markup' => $message . $formatted];
}
return $this->t('Not published');
}
/**
* {@inheritdoc}
*/
public function access(NodeInterface $node, $operation, $langcode, AccountInterface $account)
{
// If no module implements the hook or the node does not have an id there is
// no point in querying the database for access grants.
if (!$this->moduleHandler->getImplementations('node_grants') || !$node->id()) {
// No opinion.
return AccessResult::neutral();
}
// Check the database for potential access grants.
$query = $this->database->select('node_access');
$query->addExpression('1');
// Only interested for granting in the current operation.
$query->condition('grant_' . $operation, 1, '>=');
// Check for grants for this node and the correct langcode.
$nids = $query->andConditionGroup()->condition('nid', $node->id())->condition('langcode', $langcode);
// If the node is published, also take the default grant into account. The
// default is saved with a node ID of 0.
$status = $node->isPublished();
if ($status) {
$nids = $query->orConditionGroup()->condition($nids)->condition('nid', 0);
}
$query->condition($nids);
$query->range(0, 1);
$grants = static::buildGrantsQueryCondition(node_access_grants($operation, $account));
if (count($grants) > 0) {
$query->condition($grants);
}
// Only the 'view' node grant can currently be cached; the others currently
// don't have any cacheability metadata. Hopefully, we can add that in the
// future, which would allow this access check result to be cacheable in all
// cases. For now, this must remain marked as uncacheable, even when it is
// theoretically cacheable, because we don't have the necessary metadata to
// know it for a fact.
$set_cacheability = function (AccessResult $access_result) use($operation) {
$access_result->addCacheContexts(['user.node_grants:' . $operation]);
if ($operation !== 'view') {
$access_result->setCacheable(FALSE);
}
return $access_result;
};
if ($query->execute()->fetchField()) {
return $set_cacheability(AccessResult::allowed());
} else {
return $set_cacheability(AccessResult::forbidden());
}
}
/**
* Discussed at 47:00 in https://www.youtube.com/watch?v=8vwC_01KFLo
* @param NodeInterface $node
* @return type
*/
public function nodeMyHug(NodeInterface $node)
{
if ($node->isPublished()) {
// These are the same! BUT DO NOT USE! (See below)
$body = $node->body->value;
// works even when body is multi-valued (gets the first one)
$body = $node->body[0]->value;
// works even when body is single-valued (gets the only one)
// But we really want the processed value, which has been run through drupal's filters
$formatted = $node->body->processed;
$terms = [];
foreach ($node->field_tags as $tag) {
$terms[] = $tag->entity->label();
}
$message = $this->t('Everyone give @name a my_hug because @reasons!', ['@name' => $node->getOwner()->label(), '@reasons' => implode(', ', $terms)]);
return ['#title' => $node->label() . ' (' . $node->bundle() . ')', '#markup' => $message . $formatted];
}
return $this->t('Not published');
}
/**
* Set permissions for a node to be written to the database.
*
* When a node is saved, a module implementing hook_node_access_records() will
* be asked if it is interested in the access permissions for a node. If it is
* interested, it must respond with an array of permissions arrays for that
* node.
*
* Node access grants apply regardless of the published or unpublished status
* of the node. Implementations must make sure not to grant access to
* unpublished nodes if they don't want to change the standard access control
* behavior. Your module may need to create a separate access realm to handle
* access to unpublished nodes.
*
* Note that the grant values in the return value from your hook must be
* integers and not boolean TRUE and FALSE.
*
* Each permissions item in the array is an array with the following elements:
* - 'realm': The name of a realm that the module has defined in
* hook_node_grants().
* - 'gid': A 'grant ID' from hook_node_grants().
* - 'grant_view': If set to 1 a user that has been identified as a member
* of this gid within this realm can view this node. This should usually be
* set to $node->isPublished(). Failure to do so may expose unpublished content
* to some users.
* - 'grant_update': If set to 1 a user that has been identified as a member
* of this gid within this realm can edit this node.
* - 'grant_delete': If set to 1 a user that has been identified as a member
* of this gid within this realm can delete this node.
* - langcode: (optional) The language code of a specific translation of the
* node, if any. Modules may add this key to grant different access to
* different translations of a node, such that (e.g.) a particular group is
* granted access to edit the Catalan version of the node, but not the
* Hungarian version. If no value is provided, the langcode is set
* automatically from the $node parameter and the node's original language (if
* specified) is used as a fallback. Only specify multiple grant records with
* different languages for a node if the site has those languages configured.
*
* A "deny all" grant may be used to deny all access to a particular node or
* node translation:
* @code
* $grants[] = array(
* 'realm' => 'all',
* 'gid' => 0,
* 'grant_view' => 0,
* 'grant_update' => 0,
* 'grant_delete' => 0,
* 'langcode' => 'ca',
* );
* @endcode
* Note that another module node access module could override this by granting
* access to one or more nodes, since grants are additive. To enforce that
* access is denied in a particular case, use hook_node_access_records_alter().
* Also note that a deny all is not written to the database; denies are
* implicit.
*
* @param \Drupal\node\NodeInterface $node
* The node that has just been saved.
*
* @return
* An array of grants as defined above.
*
* @see hook_node_access_records_alter()
* @ingroup node_access
*/
function hook_node_access_records(\Drupal\node\NodeInterface $node)
{
// We only care about the node if it has been marked private. If not, it is
// treated just like any other node and we completely ignore it.
if ($node->private->value) {
$grants = array();
// Only published Catalan translations of private nodes should be viewable
// to all users. If we fail to check $node->isPublished(), all users would be able
// to view an unpublished node.
if ($node->isPublished()) {
$grants[] = array('realm' => 'example', 'gid' => 1, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0, 'langcode' => 'ca');
}
// For the example_author array, the GID is equivalent to a UID, which
// means there are many groups of just 1 user.
// Note that an author can always view his or her nodes, even if they
// have status unpublished.
if ($node->getOwnerId()) {
$grants[] = array('realm' => 'example_author', 'gid' => $node->getOwnerId(), 'grant_view' => 1, 'grant_update' => 1, 'grant_delete' => 1, 'langcode' => 'ca');
}
return $grants;
}
}
/**
* Checks if a node is published.
*
* @param \Drupal\node\NodeInterface $node
* The node to check.
*
* @return bool
* TRUE if the node is published.
*/
protected function doEvaluate(NodeInterface $node)
{
return $node->isPublished();
}
