diff --git a/permissions_by_term.module b/permissions_by_term.module
index e5c3f10..419d2d6 100644
--- a/permissions_by_term.module
+++ b/permissions_by_term.module
@@ -319,12 +319,11 @@ function permissions_by_term_form_alter(&$form, FormStateInterface $formState, $
$nid = null;
if (!empty($node = \Drupal::routeMatch()->getParameter('node'))) {
- $nid = $node->id();
/**
* @var AccessCheck $accessCheck
*/
$accessCheck = \Drupal::service('permissions_by_term.access_check');
- $accessResult = $accessCheck->handleNode($nid, $langcode);
+ $accessResult = $accessCheck->handleNode($node, $langcode);
if ($accessResult instanceof AccessResultForbidden) {
return $accessResult;
}
@@ -385,7 +384,7 @@ function permissions_by_term_node_access(NodeInterface $node, $op, AccountInterf
/* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
$accessCheck = \Drupal::service('permissions_by_term.access_check');
- $accessCheck->dispatchDeniedEventOnRestricedAccess($node->id(), $node->language()->getId());
+ $accessCheck->dispatchDeniedEventOnRestricedAccess($node, $node->language()->getId());
}
/**
diff --git a/src/Listener/KernelEventListener.php b/src/Listener/KernelEventListener.php
index 914e5f1..4088127 100644
--- a/src/Listener/KernelEventListener.php
+++ b/src/Listener/KernelEventListener.php
@@ -167,9 +167,9 @@ class KernelEventListener implements EventSubscriberInterface
private function handleAccessToNodePages(GetResponseEvent $event) {
// Restricts access to nodes (views/edit).
if ($this->canRequestGetNode($event->getRequest())) {
- $nid = $event->getRequest()->attributes->get('node')->get('nid')->getValue()['0']['value'];
- if (!$this->accessCheckService->canUserAccessByNodeId($nid, false, $this->accessStorageService->getLangCode($nid))) {
- $accessDeniedEvent = new PermissionsByTermDeniedEvent($nid);
+ $node = $event->getRequest()->attributes->get('node');
+ if (!$this->accessCheckService->canUserAccessByNode($node, false, $this->accessStorageService->getLangCode($node->id()))) {
+ $accessDeniedEvent = new PermissionsByTermDeniedEvent($node->id());
$this->eventDispatcher->dispatch(PermissionsByTermDeniedEvent::NAME, $accessDeniedEvent);
if ($this->disabledNodeAccessRecords) {
diff --git a/src/Service/AccessCheck.php b/src/Service/AccessCheck.php
index 47a006d..ee9381a 100644
--- a/src/Service/AccessCheck.php
+++ b/src/Service/AccessCheck.php
@@ -8,6 +8,7 @@ use Drupal\Core\Database\Connection;
use Drupal\permissions_by_term\Event\PermissionsByTermDeniedEvent;
use Drupal\taxonomy\Entity\Term;
use Drupal\user\Entity\User;
+use Drupal\node\Entity\Node;
/**
* AccessCheckService class.
@@ -37,14 +38,28 @@ class AccessCheck {
$this->eventDispatcher = $eventDispatcher;
}
- public function canUserAccessByNodeId($nid, $uid = FALSE, $langcode = ''): bool {
- $langcode = ($langcode === '') ? \Drupal::languageManager()->getCurrentLanguage()->getId() : $langcode;
+ public function canUserAccessByNode(Node $node, $uid = FALSE, $langcode = ''): bool {
+ $langcode = ($langcode === '') ? \Drupal::languageManager()->getCurrentLanguage()->getId() : $langcode;
if (empty($uid)) {
$uid = \Drupal::currentUser()->id();
}
$user = User::load($uid);
+
+ if ($user instanceof User && $user->hasPermission('view own unpublished content') &&
+ (int) $node->getOwnerId() === (int) $uid &&
+ !$node->isPublished()
+ ) {
+ return TRUE;
+ }
+
+ if ($user instanceof User && $user->hasPermission('view any unpublished content') &&
+ !$node->isPublished()
+ ) {
+ return TRUE;
+ }
+
if ($user instanceof User && $user->hasPermission('bypass node access')) {
return TRUE;
}
@@ -60,7 +75,7 @@ class AccessCheck {
$terms = $this->database
->query("SELECT tid FROM {taxonomy_index} WHERE nid = :nid",
- [':nid' => $nid])->fetchAll();
+ [':nid' => $node->id()])->fetchAll();
if (empty($terms) && !$configPermissionMode) {
return TRUE;
@@ -188,11 +203,11 @@ class AccessCheck {
}
- public function handleNode($nodeId, string $langcode): AccessResult {
+ public function handleNode(Node $node, string $langcode): AccessResult {
$result = AccessResult::neutral();
- if (!$this->canUserAccessByNodeId($nodeId, false, $langcode)) {
- $this->dispatchDeniedEvent($nodeId);
+ if (!$this->canUserAccessByNode($node, false, $langcode)) {
+ $this->dispatchDeniedEvent($node->id());
$result = AccessResult::forbidden();
}
@@ -200,9 +215,9 @@ class AccessCheck {
return $result;
}
- public function dispatchDeniedEventOnRestricedAccess($nodeId, string $langcode): void {
- if (!$this->canUserAccessByNodeId($nodeId, false, $langcode)) {
- $this->dispatchDeniedEvent($nodeId);
+ public function dispatchDeniedEventOnRestricedAccess(Node $node, string $langcode): void {
+ if (!$this->canUserAccessByNode($node, false, $langcode)) {
+ $this->dispatchDeniedEvent($node->id());
}
}
diff --git a/src/Service/AccessStorage.php b/src/Service/AccessStorage.php
index 34267d0..0e516b3 100644
--- a/src/Service/AccessStorage.php
+++ b/src/Service/AccessStorage.php
@@ -8,6 +8,7 @@ use Drupal\Core\Form\FormState;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Logger\LoggerChannelInterface;
use Drupal\Core\Session\AccountInterface;
+use Drupal\node\Entity\Node;
use Drupal\permissions_by_term\Cache\KeyValueCache;
use Drupal\user\Entity\Role;
use Drupal\user\Entity\User;
@@ -645,7 +646,7 @@ class AccessStorage {
if (\Drupal::config('permissions_by_term.settings')->get('require_all_terms_granted')) {
$permittedNids = [];
foreach ($nidsByTids as $nid) {
- if($this->accessCheck->canUserAccessByNodeId($nid, $user->id(), $this->getLangCode($nid))) {
+ if($this->accessCheck->canUserAccessByNode(Node::load($nid), $user->id(), $this->getLangCode($nid))) {
$permittedNids[] = $nid;
}
}
diff --git a/tests/phpunit.xml.dist b/tests/phpunit.xml.dist
index cae7de4..b68105b 100644
--- a/tests/phpunit.xml.dist
+++ b/tests/phpunit.xml.dist
@@ -29,15 +29,11 @@
./src/Unit
-
-
./src/Kernel
-
-
./../modules/permissions_by_entity/tests/src/Kernel
diff --git a/tests/src/Kernel/AccessCheckTest.php b/tests/src/Kernel/AccessCheckTest.php
index ec33455..6e0e9e5 100644
--- a/tests/src/Kernel/AccessCheckTest.php
+++ b/tests/src/Kernel/AccessCheckTest.php
@@ -31,7 +31,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$this->createRelationAllGrantedTerms();
\Drupal::configFactory()->getEditable('permissions_by_term.settings')->set('require_all_terms_granted', FALSE)->save();
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidOneGrantedTerm()));
+ $this->assertTrue($this->accessCheck->canUserAccessByNode(Node::load($this->getNidOneGrantedTerm())));
node_access_rebuild();
@@ -54,7 +54,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$this->createRelationNoGrantedTerm();
\Drupal::configFactory()->getEditable('permissions_by_term.settings')->set('require_all_terms_granted', FALSE)->save();
- $this->assertFalse($this->accessCheck->canUserAccessByNodeId($this->getNidNoGrantedTerm()));
+ $this->assertFalse($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoGrantedTerm())));
node_access_rebuild();
@@ -77,7 +77,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$this->createRelationWithoutRestriction();
\Drupal::configFactory()->getEditable('permissions_by_term.settings')->set('require_all_terms_granted', FALSE)->save();
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidNoRestriction()));
+ $this->assertTrue($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoRestriction())));
node_access_rebuild();
@@ -101,7 +101,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$this->createRelationAllGrantedTerms();
\Drupal::configFactory()->getEditable('permissions_by_term.settings')->set('require_all_terms_granted', TRUE)->save();
- $this->assertFalse($this->accessCheck->canUserAccessByNodeId($this->getNidOneGrantedTerm()));
+ $this->assertFalse($this->accessCheck->canUserAccessByNode(Node::load($this->getNidOneGrantedTerm())));
node_access_rebuild();
@@ -124,7 +124,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$this->createRelationWithoutRestriction();
\Drupal::configFactory()->getEditable('permissions_by_term.settings')->set('require_all_terms_granted', TRUE)->save();
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidOneGrantedTerm()));
+ $this->assertFalse($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoRestriction())));
node_access_rebuild();
@@ -182,7 +182,7 @@ class AccessCheckTest extends PBTKernelTestBase {
]);
$node->save();
- self::assertFalse($this->accessCheck->canUserAccessByNodeId($node->id(), 0));
+ self::assertFalse($this->accessCheck->canUserAccessByNode($node, 0));
}
public function testBypassNodeAccess(): void {
@@ -211,7 +211,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$node->save();
$this->accessStorage->addTermPermissionsByUserIds([99], $term->id(), 'de');
- $this->assertFalse($this->accessCheck->canUserAccessByNodeId($node->id(), \Drupal::currentUser()->id(), 'de'));
+ $this->assertFalse($this->accessCheck->canUserAccessByNode($node, \Drupal::currentUser()->id(), 'de'));
$editorRole = Role::create(['id' => 'editor']);
$editorRole->grantPermission('bypass node access');
@@ -225,7 +225,7 @@ class AccessCheckTest extends PBTKernelTestBase {
$accountSwitcher = \Drupal::service('account_switcher');
$accountSwitcher->switchTo($user);
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($node->id(), \Drupal::currentUser()->id(), 'de'));
+ $this->assertTrue($this->accessCheck->canUserAccessByNode($node, \Drupal::currentUser()->id(), 'de'));
}
}
diff --git a/tests/src/Kernel/MultilingualTest.php b/tests/src/Kernel/MultilingualTest.php
index 7519fdf..3ecb68c 100644
--- a/tests/src/Kernel/MultilingualTest.php
+++ b/tests/src/Kernel/MultilingualTest.php
@@ -10,6 +10,7 @@ use Drupal\taxonomy\Entity\Vocabulary;
use Drupal\Tests\taxonomy\Traits\TaxonomyTestTrait;
use Drupal\user\Entity\User;
+
/**
* @group permissions_by_term
*/
@@ -56,7 +57,7 @@ class MultilingualTest extends PBTKernelTestBase {
$node->save();
$this->accessStorage->addTermPermissionsByUserIds([\Drupal::service('current_user')->id()], $term->id(), 'de');
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($node->id()));
+ $this->assertTrue($this->accessCheck->canUserAccessByNode(Node::load($node->id())));
}
public function testCanNotAccess() {
@@ -70,9 +71,9 @@ class MultilingualTest extends PBTKernelTestBase {
*/
$user = user_load_by_name('some_username123');
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($node->id(), \Drupal::service('current_user')->id()));
- $this->assertFalse($this->accessCheck->canUserAccessByNodeId($nodeDe->id(), \Drupal::service('current_user')->id(), 'de'));
- $this->assertTrue($this->accessCheck->canUserAccessByNodeId($nodeDe->id(), $user->id(), 'de'));
+ $this->assertTrue($this->accessCheck->canUserAccessByNode($node, \Drupal::service('current_user')->id()));
+ $this->assertFalse($this->accessCheck->canUserAccessByNode($nodeDe, \Drupal::service('current_user')->id(), 'de'));
+ $this->assertTrue($this->accessCheck->canUserAccessByNode($nodeDe, $user->id(), 'de'));
}
private function setupEntities() {
diff --git a/tests/src/Kernel/PermissionModeTest.php b/tests/src/Kernel/PermissionModeTest.php
index dfd1902..a7bf31b 100644
--- a/tests/src/Kernel/PermissionModeTest.php
+++ b/tests/src/Kernel/PermissionModeTest.php
@@ -25,14 +25,14 @@ class PermissionModeTest extends PBTKernelTestBase {
public function testCanUserAccessByNodeId(): void {
$this->createRelationWithoutRestriction();
self::assertInternalType('string', $this->getNidNoRestriction());
- self::assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidNoRestriction()));
+ self::assertTrue($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoRestriction())));
\Drupal::configFactory()
->getEditable('permissions_by_term.settings')
->set('permission_mode', TRUE)
->save();
- self::assertFalse($this->accessCheck->canUserAccessByNodeId($this->getNidNoRestriction()));
+ self::assertFalse($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoRestriction())));
- self::assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidNoRestriction(), 1), 'Admin user is not allowed. But this user must be allowed.');
+ self::assertTrue($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoRestriction()), 1), 'Admin user is not allowed. But this user must be allowed.');
}
public function testCanAdminUserAccessByNodeId(): void {
@@ -41,7 +41,7 @@ class PermissionModeTest extends PBTKernelTestBase {
->getEditable('permissions_by_term.settings')
->set('permission_mode', TRUE)
->save();
- self::assertTrue($this->accessCheck->canUserAccessByNodeId($this->getNidNoRestriction(), 1), 'Admin user is not allowed. But this user must be allowed.');
+ self::assertTrue($this->accessCheck->canUserAccessByNode(Node::load($this->getNidNoRestriction()), 1), 'Admin user is not allowed. But this user must be allowed.');
}
public function testHandleNode(): void {
@@ -49,12 +49,12 @@ class PermissionModeTest extends PBTKernelTestBase {
self::assertInternalType('string', $this->getNidNoRestriction());
$node = Node::load($this->getNidNoRestriction());
- self::assertInstanceOf(AccessResultNeutral::class, $this->accessCheck->handleNode($node->id(), $node->language()->getId()));
+ self::assertInstanceOf(AccessResultNeutral::class, $this->accessCheck->handleNode($node, $node->language()->getId()));
\Drupal::configFactory()
->getEditable('permissions_by_term.settings')
->set('permission_mode', TRUE)
->save();
- self::assertInstanceOf(AccessResultForbidden::class, $this->accessCheck->handleNode($node->id(), $node->language()->getId()));
+ self::assertInstanceOf(AccessResultForbidden::class, $this->accessCheck->handleNode($node, $node->language()->getId()));
}
public function testHandleNodeAsAdmin(): void {
@@ -66,7 +66,7 @@ class PermissionModeTest extends PBTKernelTestBase {
->save();
\Drupal::service('current_user')->setAccount(User::load(1));
- self::assertInstanceOf(AccessResultNeutral::class, $this->accessCheck->handleNode($node->id(), $node->language()->getId()), 'Admin user is not allowed. But this user must be allowed.');
+ self::assertInstanceOf(AccessResultNeutral::class, $this->accessCheck->handleNode($node, $node->language()->getId()), 'Admin user is not allowed. But this user must be allowed.');
}
public function testNodeAccessRecordCreation(): void {