/** * Declare this module's structured permissions. * * A set of structured permissions is defined as a list of objects and a list * of verbs. The permissions are created by combining these. For example, the * list of node types and the verbs (create, edit, delete) form a grid of * permissions for operations on all the node types. * * This hook may be placed in the file MODULE.permissions.inc. * * @return * An array of data for object types that have multiple permissions associated * with them. The array keys are object machine names, eg, 'node' (though note * these need not be entities). * Values are arrays with the following properties: * - 'label': The human-readable label of the object type. * - 'objects': An array of the different objects of this type that have * their own permissions, for example, node types, which each provide * permissions such as 'create foo node types'. These will form the rows * of the permissions grid. The keys are the substrings of the permission * strings, and the values are human-readable labels. * - 'verb_groups': An array of one or more verb groups. Each verb group * defines a list of verbs and a pattern for the permissions using those * verbs. The verb groups keys are arbitrary (but using the name of the * providing module is a good idea for ease of alterability), and each * array has the following properties: * - 'verbs': An array of verbs. The keys are the 'machine names', that is, * the strings that are replaced into the pattern. The values may be * human-readable labels. Note that verb machine names must be unique * across all the verb groups for the object type. * - 'pattern': The pattern of the permissions machine name, with the * following replacements: * - '%verb': The verb of the permission. This takes all the keys in the * verbs array in this verb group. * - '%object': The object of the permission. This takes all the keys in * the objects array. * - 'object_process_callback' (optional) A function to process the object * name before replacing it into the pattern. (This is just a hack for * taxonomy to work.) */ function hook_permission_grid_info() { $return = array('node' => array('label' => t('Content type'), 'objects' => array(), 'verb_groups' => array('node' => array('pattern' => '%verb %object content', 'verbs' => array('create' => t('Create'), 'edit own' => t('Edit own'), 'edit any' => t('Edit any'), 'delete own' => t('Delete own'), 'delete any' => t('Delete any')))))); $node_types = node_type_get_types(); $configured_types = node_permissions_get_configured_types(); foreach ($configured_types as $type) { $return['node']['objects'][$type] = $node_types[$type]->name; } return $return; }
/** * Checks access to the node add page for the node type. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param \Drupal\node\NodeTypeInterface $node_type * (optional) The node type. If not specified, access is allowed if there * exists at least one node type for which the user may create a node. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(AccountInterface $account, NodeTypeInterface $node_type = NULL) { $access_controller = $this->entityManager->getAccessController('node'); // If checking whether a node of a particular type may be created. if ($node_type) { return $access_controller->createAccess($node_type->id(), $account) ? static::ALLOW : static::DENY; } // If checking whether a node of any type may be created. foreach (node_permissions_get_configured_types() as $node_type) { if ($access_controller->createAccess($node_type->id(), $account)) { return static::ALLOW; } } return static::DENY; }
/** * Overrides Drupal\configuration\Config\Configuration::alterDependencies(). */ public static function alterDependencies(Configuration $config) { if ($config->getComponent() == 'permission') { foreach (node_permissions_get_configured_types() as $type) { foreach (array_keys(node_list_permissions($type)) as $permission) { $data = $config->getData(); if ($permission == $data['permission']) { $content_type = ConfigurationManagement::createConfigurationInstance('content_type.' . $type); $config->addToDependencies($content_type); break; } } } } }
/** * Control access to a node. * * Modules may implement this hook if they want to have a say in whether or not * a given user has access to perform a given operation on a node. * * The administrative account (user ID #1) always passes any access check, * so this hook is not called in that case. Users with the "bypass node access" * permission may always view and edit content through the administrative * interface. * * Note that not all modules will want to influence access on all * node types. If your module does not want to actively grant or * block access, return NODE_ACCESS_IGNORE or simply return nothing. * Blindly returning FALSE will break other node access modules. * * @link http://api.drupal.org/api/group/node_access/7 More on the node access system @endlink * @ingroup node_access * @param $node * The node on which the operation is to be performed, or, if it does * not yet exist, the type of node to be created. * @param $op * The operation to be performed. Possible values: * - "create" * - "delete" * - "update" * - "view" * @param $account * A user object representing the user for whom the operation is to be * performed. * * @return * NODE_ACCESS_ALLOW if the operation is to be allowed; * NODE_ACCESS_DENY if the operation is to be denied; * NODE_ACCESSS_IGNORE to not affect this operation at all. */ function hook_node_access($node, $op, $account) { $type = is_string($node) ? $node : $node->type; if (in_array($type, node_permissions_get_configured_types())) { if ($op == 'create' && user_access('create ' . $type . ' content', $account)) { return NODE_ACCESS_ALLOW; } if ($op == 'update') { if (user_access('edit any ' . $type . ' content', $account) || user_access('edit own ' . $type . ' content', $account) && $account->uid == $node->uid) { return NODE_ACCESS_ALLOW; } } if ($op == 'delete') { if (user_access('delete any ' . $type . ' content', $account) || user_access('delete own ' . $type . ' content', $account) && $account->uid == $node->uid) { return NODE_ACCESS_ALLOW; } } } // Returning nothing from this function would have the same effect. return NODE_ACCESS_IGNORE; }
/** * Controls access to a node. * * Modules may implement this hook if they want to have a say in whether or not * a given user has access to perform a given operation on a node. * * The administrative account (user ID #1) always passes any access check, so * this hook is not called in that case. Users with the "bypass node access" * permission may always view and edit content through the administrative * interface. * * Note that not all modules will want to influence access on all node types. If * your module does not want to actively grant or block access, return * NODE_ACCESS_IGNORE or simply return nothing. Blindly returning FALSE will * break other node access modules. * * Also note that this function isn't called for node listings (e.g., RSS feeds, * the default home page at path 'node', a recent content block, etc.) See * @link node_access Node access rights @endlink for a full explanation. * * @param \Drupal\node\NodeInterface|string $node * Either a node entity or the machine name of the content type on which to * perform the access check. * @param string $op * The operation to be performed. Possible values: * - "create" * - "delete" * - "update" * - "view" * @param \Drupal\Core\Session\AccountInterface $account * The user object to perform the access check operation on. * @param object $langcode * The language code to perform the access check operation on. * * @return string * - NODE_ACCESS_ALLOW: if the operation is to be allowed. * - NODE_ACCESS_DENY: if the operation is to be denied. * - NODE_ACCESS_IGNORE: to not affect this operation at all. * * @ingroup node_access */ function hook_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account, $langcode) { $type = is_string($node) ? $node : $node->getType(); $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$type])) { if ($op == 'create' && $account->hasPermission('create ' . $type . ' content')) { return NODE_ACCESS_ALLOW; } if ($op == 'update') { if ($account->hasPermission('edit any ' . $type . ' content', $account) || $account->hasPermission('edit own ' . $type . ' content') && $account->id() == $node->getOwnerId()) { return NODE_ACCESS_ALLOW; } } if ($op == 'delete') { if ($account->hasPermission('delete any ' . $type . ' content', $account) || $account->hasPermission('delete own ' . $type . ' content') && $account->id() == $node->getOwnerId()) { return NODE_ACCESS_ALLOW; } } } // Returning nothing from this function would have the same effect. return NODE_ACCESS_IGNORE; }
/** * {@inheritdoc} */ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { $configured_types = node_permissions_get_configured_types(); if (isset($configured_types[$entity_bundle])) { return $account->hasPermission('create ' . $entity_bundle . ' content'); } }