/** * {@inheritdoc} */ public function entityQueryAlter(SelectInterface $query) { $tables = $query->getTables(); $data_table = 'comment_field_data'; if (!isset($tables['comment_field_data']['alias'])) { // If no conditions join against the comment data table, it should be // joined manually to allow node access processing. $query->innerJoin($data_table, NULL, "base_table.cid = {$data_table}.cid AND {$data_table}.default_langcode = 1"); } // The Comment module doesn't implement any proper comment access, // and as a consequence doesn't make sure that comments cannot be viewed // when the user doesn't have access to the node. $node_alias = $query->innerJoin('node_field_data', 'n', '%alias.nid = ' . $data_table . '.entity_id AND ' . $data_table . ".entity_type = 'node'"); // Pass the query to the node access control. $this->reAlterQuery($query, 'node_access', $node_alias); // Passing the query to node_query_node_access_alter() is sadly // insufficient for nodes. // @see SelectionEntityTypeNode::entityQueryAlter() if (!\Drupal::currentUser()->hasPermission('bypass node access') && !count(\Drupal::moduleHandler()->getImplementations('node_grants'))) { $query->condition($node_alias . '.status', 1); } }
public function innerJoin($table, $alias = NULL, $condition = NULL, $arguments = array()) { return $this->query->innerJoin($table, $alias, $condition, $arguments); }