diff --git a/content_access.admin.inc b/content_access.admin.inc
deleted file mode 100644
index 2121f7b..0000000
--- a/content_access.admin.inc
+++ /dev/null
@@ -1,165 +0,0 @@
-getStorage();
- content_access_delete_per_node_settings($storage['node']);
- \Drupal::entityManager()->getAccessControlHandler('node')->writeGrants($storage['node']);
-
- drupal_set_message(t('The permissions have been reseted to the content type defaults.'));
-}
-
-
-/**
- * Mass updates node access records for nodes of the given types.
- * @param $types
- * An array of content type names.
- * @return
- * Whether the operation has been processed successfully (TRUE) or postponed (FALSE).
- */
-function content_access_mass_update($types) {
- $q = db_select('node', 'n')
- ->fields('n', array('nid'))
- ->condition('n.type', $types, 'IN');
-
- $count = $q->countQuery()->execute()->fetchField();
-
- node_access_needs_rebuild(TRUE);
-
- // If there not too much nodes affected, try to do it.
- if ($count <= CONTENT_ACCESS_MASS_UPDATE_THRESHOLD) {
- $records = $q->execute();
- foreach ($records as $node) {
- $node = Node::load($node->nid);
- \Drupal::entityManager()->getAccessControlHandler('node')->writeGrants($node);
- }
-
- foreach (Cache::getBins() as $service_id => $cache_backend) {
- $cache_backend->deleteAll();
- }
-
- node_access_needs_rebuild(FALSE);
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * Saves the given permissions by role to the database.
- */
-function content_access_save_permissions($roles_permissions) {
- foreach ($roles_permissions as $rid => $permissions) {
- user_role_change_permissions($rid, $permissions);
- }
-}
-
-/**
- * Builds the role based permission form for the given defaults.
- *
- * @param $defaults
- * Array of defaults for all operations.
- */
-function content_access_role_based_form(&$form, $defaults = array(), $type = NULL) {
- $form['per_role'] = array(
- '#type' => 'fieldset',
- '#title' => t('Role based access control settings'),
- '#collapsible' => TRUE,
- '#description' => t('Note that users need at least the %access_content permission to be able to deal in any way with content.', array('%access_content' => t('access content'))) .
- ' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', array('@published' => t('published'), '%administer_nodes' => t('administer nodes'))),
- );
-
- $operations = _content_access_get_operations($type);
- $user_roles = Role::loadMultiple();
- $roles = array();
- foreach ($user_roles as $role) {
- $roles[$role->id()] = $role->get('label');
- }
- foreach ($operations as $op => $label) {
- // Make sure defaults are set properly
- $defaults += array($op => array());
-
- $form['per_role'][$op] = array(
- '#type' => 'checkboxes',
- '#prefix' => '',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => $label,
- '#default_value' => $defaults[$op],
- );
- }
-
- $form['per_role']['clearer'] = array(
- '#value' => '
',
- );
-
- $form['#attached']['library'][] = 'content_access/drupal.content_access';
-
- return $form;
-}
-
-/**
- * Formapi #after_build callback, that disables checkboxes for roles without access to content.
- */
-function content_access_force_permissions($element, FormStateInterface $form_state) {
- $storage = $form_state->getStorage();
- if (!empty($storage['node'])) {
- $node = $storage['node'];
- foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
- foreach (content_access_get_settings($op, $node->getType()) as $rid) {
- $element[$op][$rid]['#disabled'] = TRUE;
- $element[$op][$rid]['#attributes']['disabled'] = 'disabled';
- $element[$op][$rid]['#value'] = TRUE;
- $element[$op][$rid]['#checked'] = TRUE;
- $element[$op][$rid]['#prefix'] = ' t("Permission is granted due to the content type's access control settings."))) . '>';
- $element[$op][$rid]['#suffix'] = "";
- }
- }
- }
- return $element;
-}
-
-/**
- * Submit callback for the user permissions form.
- * Trigger changes to node permissions to rebuild our grants.
- */
-function content_access_user_admin_perm_submit($form, FormStateInterface $form_state) {
- // Check for each content type, which has per node access activated
- // whether permissions have been changed.
- $types = array();
- foreach (array_filter(content_access_get_settings('per_node', 'all')) as $type => $value) {
- foreach (_content_access_get_node_permissions($type) as $perm) {
- foreach (user_roles() as $rid => $role) {
- $values = $form_state->getValues();
- if (isset($values[$rid]) && in_array($perm, $form['checkboxes'][$rid]['#default_value']) != in_array($perm, $values[$rid])) {
- //permission changed!
- $types[$type] = node_type_get_names();
- continue 2;
- }
- }
- }
- }
- if ($types && content_access_mass_update(array_keys($types))) {
- drupal_set_message(\Drupal::translation()->formatPlural(count($types),
- 'Permissions have been successfully rebuilt for the content type @types.',
- 'Permissions have been successfully rebuilt for the content types @types.',
- array('@types' => implode(', ', $types))
- ));
- }
-}
diff --git a/content_access.module b/content_access.module
index dc7edce..d5f75ac 100644
--- a/content_access.module
+++ b/content_access.module
@@ -5,12 +5,19 @@
* Content access module file.
*/
+/**
+ * Specifies the threshold until we try to mass update node grants immediately.
+ */
+define('CONTENT_ACCESS_MASS_UPDATE_THRESHOLD', 1000);
+
use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\Database\Database;
use Drupal\node\NodeInterface;
use Drupal\node\NodeTypeInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;
+use Drupal\Core\Cache\Cache;
use Drupal\user\RoleInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Url;
@@ -24,13 +31,14 @@ function content_access_help($route_name, RouteMatchInterface $route_match) {
switch ($route_name) {
case 'entity.node.content_access':
case 'entity.node_type.content_access_form':
- $output = '' . t('About') . '
';
+ $output = '' . t('About') . '
';
$output .= '' . t('Content Access module provides flexible way to control how and who should read or control your site content. Content Access can define custom access control rules for content types and even for every piece of content.') . '
';
$output .= '' . t('Uses') . '
';
$output .= '';
$output .= '- ' . t('Default and custom settings') . '
';
$output .= '- ' . t("Each content type can have its own default content access settings configured as: View any content to allow anyone to view content from this content type, View own content to allow only content creators to see their own content, Edit any content to allow anyone to edit content from this content type, Edit own content to allow only content creators to edit their own content, Delete any content to allow anyone to delete content from this content type, Delete own content to allow content creators to delete their own content. This default settings for each content type can be further customized per every piece of content per user if you have ACL module enabled.", array('@content-type' => Url::fromRoute('entity.node_type.collection')->toString(), '@acl' => 'http://drupal.org/project/acl/')) . '
';
$output .= '
';
+
return $output;
}
}
@@ -46,7 +54,7 @@ function content_access_node_grants(AccountInterface $account, $op) {
}
return array(
- 'content_access_author' => array($account->id()),
+ 'content_access_author' => [$account->id()],
'content_access_roles' => $gids,
);
}
@@ -57,14 +65,12 @@ function content_access_node_grants(AccountInterface $account, $op) {
function content_access_node_access_records(NodeInterface $node) {
if (content_access_disabling() || !$node->isPublished()) {
return;
-
}
-
// Apply per node settings if necessary.
if (content_access_get_settings('per_node', $node->getType())) {
$grants = array();
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (['view', 'update', 'delete'] as $op) {
foreach (content_access_get_rids_per_node_op($op, $node) as $rid) {
$gid = content_access_get_role_gid($rid);
$grants[$gid]['grant_' . $op] = 1;
@@ -76,7 +82,7 @@ function content_access_node_access_records(NodeInterface $node) {
// Care for the author grant.
$grant = array();
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (['view', 'update', 'delete'] as $op) {
// Get all roles that have access to use $op on this node.
$per_node_settings = content_access_per_node_setting($op, $node);
$any_roles = array_combine($per_node_settings, $per_node_settings);
@@ -110,7 +116,7 @@ function content_access_node_access_records(NodeInterface $node) {
* Implements hook_node_delete().
*/
function content_access_node_delete(NodeInterface $node) {
- db_delete('content_access')
+ \Drupal::database()->delete('content_access')
->condition('nid', $node->id())
->execute();
}
@@ -212,9 +218,11 @@ function content_access_get_settings($setting, $type_name) {
$settings = array();
}
$settings += content_access_get_setting_defaults($type_name);
+
if ($setting == 'all') {
return $settings;
}
+
return isset($settings[$setting]) ? $settings[$setting] : NULL;
}
@@ -239,7 +247,16 @@ function content_access_set_settings($settings, $type_name) {
* Return an array containing all available content_access settings.
*/
function content_access_available_settings() {
- return array('view', 'update', 'delete', 'view_own', 'update_own', 'delete_own', 'per_node', 'priority');
+ return [
+ 'view',
+ 'update',
+ 'delete',
+ 'view_own',
+ 'update_own',
+ 'delete_own',
+ 'per_node',
+ 'priority',
+ ];
}
/**
@@ -247,13 +264,14 @@ function content_access_available_settings() {
*/
function content_access_get_setting_defaults($type) {
$defaults = array();
- $defaults['view'] = $defaults['view_own'] = array(AccountInterface::ANONYMOUS_ROLE, AccountInterface::AUTHENTICATED_ROLE);
+ $defaults['view'] = $defaults['view_own'] = [AccountInterface::ANONYMOUS_ROLE, AccountInterface::AUTHENTICATED_ROLE];
foreach (array('update', 'delete') as $op) {
$defaults[$op] = content_access_get_permission_access(content_access_get_permission_by_op($op, $type));
$defaults[$op . '_own'] = content_access_get_permission_access(content_access_get_permission_by_op($op . '_own', $type));
}
$defaults['priority'] = 0;
$defaults['per_node'] = FALSE;
+
return $defaults;
}
@@ -282,16 +300,21 @@ function content_access_get_permission_access($perm, $reset = FALSE) {
*/
function content_access_get_permission_by_op($op, $type) {
switch ($op) {
- default:
- return FALSE;
case 'update':
return 'edit any ' . $type . ' content';
+
case 'update_own':
return 'edit own ' . $type . ' content';
+
case 'delete':
return 'delete any ' . $type . ' content';
+
case 'delete_own':
return 'delete own ' . $type . ' content';
+
+ default:
+ return FALSE;
+
}
}
@@ -301,6 +324,7 @@ function content_access_get_permission_by_op($op, $type) {
function content_access_get_type_grant(NodeInterface $node) {
// Cache per type default grants in a static array
static $defaults = array();
+
$node_type = $node->getType();
if (!isset($defaults[$node_type])) {
@@ -317,7 +341,11 @@ function content_access_get_type_grant(NodeInterface $node) {
// Care for the author grant.
$grant = $grants = array();
- $grant['grant_view'] = content_access_own_op($node, content_access_get_settings('view', $node_type), content_access_get_settings('view_own', $node_type));
+ $settings = [
+ 'view' => content_access_get_settings('view', $node_type),
+ 'view_own' => content_access_get_settings('view_own', $node_type),
+ ];
+ $grant['grant_view'] = content_access_own_op($node, $settings['view'], $settings['view_own']);
if ($grant['grant_view']) {
$grant['realm'] = 'content_access_author';
$grants = array('author' => content_access_proccess_grant($grant, $node->getOwnerId(), $node));
@@ -330,9 +358,15 @@ function content_access_get_type_grant(NodeInterface $node) {
* Process a grant, which means add priority, realm and other properties.
*/
function content_access_proccess_grant($grant, $gid, NodeInterface $node) {
- $grant += array('grant_view' => 0, 'grant_update' => 0, 'grant_delete' => 0, 'realm' => 'content_access_roles');
+ $grant += [
+ 'grant_view' => 0,
+ 'grant_update' => 0,
+ 'grant_delete' => 0,
+ 'realm' => 'content_access_roles',
+ ];
$grant['gid'] = $gid;
$grant['priority'] = content_access_get_settings('priority', $node->getType());
+
return $grant;
}
@@ -340,16 +374,17 @@ function content_access_proccess_grant($grant, $gid, NodeInterface $node) {
* Determines the grant for the node author and the given allowed roles of a operation.
*
* @param $any_roles
- * The roles with which anybody has access (not optimized!)
+ * The roles with which anybody has access (not optimized!).
* @param $own_roles
- * The roles with which only the author has acess (optimized!)
+ * The roles with which only the author has acess (optimized!).
+ * @return int
*/
function content_access_own_op(NodeInterface $node, $any_roles, $own_roles) {
static $roles = array();
$owner = $node->getOwner();
if (!isset($roles[$owner->id()])) {
- $roles[$owner->id()] = $owner->id() ? array(AccountInterface::AUTHENTICATED_ROLE) : array(AccountInterface::ANONYMOUS_ROLE);
+ $roles[$owner->id()] = $owner->id() ? [AccountInterface::AUTHENTICATED_ROLE] : [AccountInterface::ANONYMOUS_ROLE];
$result = $owner->get('roles');
@@ -361,6 +396,7 @@ function content_access_own_op(NodeInterface $node, $any_roles, $own_roles) {
// If there is access due to "any permissions" there is no need to at an author grant.
return 0;
}
+
return array_intersect($roles[$owner->id()], $own_roles) ? 1 : 0;
}
@@ -384,7 +420,15 @@ function content_access_get_rids_per_node_op($op, NodeInterface $node) {
$rids = array_diff($rids, $perm_roles);
if (in_array(AccountInterface::AUTHENTICATED_ROLE, $perm_roles)) {
- return in_array(AccountInterface::ANONYMOUS_ROLE, $rids) ? array(AccountInterface::ANONYMOUS_ROLE, AccountInterface::AUTHENTICATED_ROLE) : array(AccountInterface::AUTHENTICATED_ROLE);
+ if (in_array(AccountInterface::ANONYMOUS_ROLE, $rids)) {
+ return [
+ AccountInterface::ANONYMOUS_ROLE,
+ AccountInterface::AUTHENTICATED_ROLE,
+ ];
+ }
+ else {
+ return [AccountInterface::AUTHENTICATED_ROLE];
+ }
}
}
@@ -409,7 +453,7 @@ function content_access_per_node_setting($op, NodeInterface $node, $settings = N
static $grants = array();
if (isset($settings)) {
- // Update settings cache
+ // Update settings cache.
$grants[$node->id()] = $settings;
return;
}
@@ -430,38 +474,40 @@ function content_access_per_node_setting($op, NodeInterface $node, $settings = N
* it will return an empty array.
*/
function content_access_get_per_node_settings(NodeInterface $node) {
- $query = db_select('content_access', 'c');
- $query->fields('c', array('settings'));
- $query->condition('nid', $node->id());
- $result = $query->execute()->fetchAll(PDO::FETCH_OBJ);
-
- foreach ($result as $record) {
- $settings = $record->settings;
- if (!$settings) {
- return array();
- }
- return unserialize($settings);
+ $query = \Drupal::database()->query("SELECT settings FROM {content_access} WHERE nid = :nid", [
+ ':nid' => $node->id(),
+ ]);
+ $result = $query->fetch(PDO::FETCH_OBJ);
+
+ if (!empty($result->settings)) {
+ return unserialize($result->settings);
}
+
+ return array();
}
/**
* Saves custom per node settings in the own content_access table.
*/
function content_access_save_per_node_settings(NodeInterface $node, $settings) {
- $count = db_select('content_access')
- ->fields('c', array('settings'))
- ->condition('nid', $node->id())
- ->countQuery()->execute()->fetchField();
+ $database = \Drupal::database();
+
+ $count = $database->select('content_access')
+ ->fields('c', ['settings'])
+ ->condition('nid', $node->id())
+ ->countQuery()
+ ->execute()
+ ->fetchField();
if ($count > 0) {
- db_update('content_access')
+ $database->update('content_access')
->condition('nid', $node->id())
- ->fields(array('settings' => serialize($settings)))
+ ->fields(['settings' => serialize($settings)])
->execute();
}
else {
- db_insert('content_access')
- ->fields(array('nid' => $node->id(), 'settings' => serialize($settings)))
+ $database->insert('content_access')
+ ->fields(['nid' => $node->id(), 'settings' => serialize($settings)])
->execute();
}
@@ -473,7 +519,7 @@ function content_access_save_per_node_settings(NodeInterface $node, $settings) {
* Deletes all custom per node settings, so that content type defaults are used again.
*/
function content_access_delete_per_node_settings(NodeInterface $node) {
- db_delete('content_access')
+ \Drupal::database()->delete('content_access')
->condition('nid', $node->id())
->execute();
@@ -497,10 +543,10 @@ function content_access_delete_per_node_settings(NodeInterface $node) {
* The grants are compared with the normal access control settings.
*/
function content_access_optimize_grants(&$grants, NodeInterface $node) {
- $rids = array('view' => array(), 'update' => array(), 'delete' => array());
+ $rids = ['view' => array(), 'update' => array(), 'delete' => array()];
foreach ($grants as $key => $grant) {
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (['view', 'update', 'delete'] as $op) {
if (!empty($grant['grant_' . $op])) {
$rids[$op][] = $key;
}
@@ -510,17 +556,24 @@ function content_access_optimize_grants(&$grants, NodeInterface $node) {
// Detect if all are allowed to view
$anonymous_gid = content_access_get_role_gid(AccountInterface::ANONYMOUS_ROLE);
$authenticated_gid = content_access_get_role_gid(AccountInterface::AUTHENTICATED_ROLE);
- $all = array($anonymous_gid, $authenticated_gid);
- if (count(array_diff($all, $rids['view'])) == 0) {
+ $all = [$anonymous_gid, $authenticated_gid];
+ if (empty(array_diff($all, $rids['view']))) {
//grant view access to all instead of single roles
- $rids['view'] = array('all');
- $grants['all'] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0, 'priority' => content_access_get_settings('priority', $node->getType()));
+ $rids['view'] = ['all'];
+ $grants['all'] = [
+ 'realm' => 'all',
+ 'gid' => 0,
+ 'grant_view' => 1,
+ 'grant_update' => 0,
+ 'grant_delete' => 0,
+ 'priority' => content_access_get_settings('priority', $node->getType()),
+ ];
}
// If authenticated users are involved, remove unnecessary other roles.
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (['view', 'update', 'delete'] as $op) {
if (in_array($authenticated_gid, $rids[$op])) {
- $rids[$op] = in_array($anonymous_gid, $rids[$op]) ? array($anonymous_gid, $authenticated_gid) : array($authenticated_gid);
+ $rids[$op] = in_array($anonymous_gid, $rids[$op]) ? [$anonymous_gid, $authenticated_gid] : [$authenticated_gid];
}
}
@@ -529,13 +582,14 @@ function content_access_optimize_grants(&$grants, NodeInterface $node) {
if (!is_numeric($key)) {
continue;
}
- foreach (array('view', 'update', 'delete') as $op) {
+
+ foreach (['view', 'update', 'delete'] as $op) {
if ($grant['grant_' . $op] && in_array($key, $rids[$op])) {
- //it's still here, so we can't remove this grant
+ //it's still here, so we can't remove this grant.
continue 2;
}
}
- //ok, remove it
+ // ok, remove it.
unset($grants[$key]);
}
}
@@ -576,14 +630,18 @@ function content_access_node_access_explain($row) {
if (!isset($roles)) {
$roles = user_roles();
}
+
if (!$row->gid && $row->realm == 'content_access_roles') {
return t('Content access: No access is granted.');
}
+
switch ($row->realm) {
case 'content_access_author':
return t('Content access: author of the content can access');
+
case 'content_access_roles':
- return t('Content access: %role can access', array('%role' => $roles[$row->gid]));
+ return t('Content access: %role can access', ['%role' => $roles[$row->gid]]);
+
}
}
@@ -593,11 +651,11 @@ function content_access_node_access_explain($row) {
function content_access_form_alter(&$form, FormStateInterface $form_state, $form_id) {
if ($form_id == 'user_admin_perm') {
$build_info = $form_state->getBuildInfo();
- $build_info['files'][] = array(
+ $build_info['files'][] = [
'module' => 'content_access',
'type' => 'inc',
'name' => 'content_access.admin'
- );
+ ];
$form_state->setBuildInfo($build_info);
$form['actions']['submit']['#submit'][] = 'content_access_user_admin_perm_submit';
}
@@ -608,13 +666,14 @@ function content_access_form_alter(&$form, FormStateInterface $form_state, $form
*/
function _content_access_get_operations($type = NULL) {
$operations = array(
- 'view' => t('View any @type content', array('@type' => $type)),
- 'view_own' => t('View own @type content', array('@type' => $type)),
- 'update' => t('Edit any @type content', array('@type' => $type)),
- 'update_own' => t('Edit own @type content', array('@type' => $type)),
- 'delete' => t('Delete any @type content', array('@type' => $type)),
- 'delete_own' => t('Delete own @type content', array('@type' => $type)),
+ 'view' => t('View any @type content', ['@type' => $type]),
+ 'view_own' => t('View own @type content', ['@type' => $type]),
+ 'update' => t('Edit any @type content', ['@type' => $type]),
+ 'update_own' => t('Edit own @type content', ['@type' => $type]),
+ 'delete' => t('Delete any @type content', ['@type' => $type]),
+ 'delete_own' => t('Delete own @type content', ['@type' => $type]),
);
+
return $operations;
}
@@ -631,6 +690,7 @@ function _content_access_get_node_permissions($type) {
function content_access_get_role_gid($role) {
$config = \Drupal::configFactory()->getEditable('content_access.settings');
$roles_gids = $config->get('content_access_roles_gids');
+
return $roles_gids[$role];
}
@@ -640,8 +700,9 @@ function content_access_get_role_gid($role) {
function content_access_get_acl_id(NodeInterface $node, $op) {
$acl_id = acl_get_id_by_name('content_access', $op . '_' . $node->id());
if (!$acl_id) {
- $acl_id = acl_create_new_acl('content_access', $op . '_' . $node->id());
+ $acl_id = acl_create_acl('content_access', $op . '_' . $node->id());
}
+
return $acl_id;
}
@@ -649,12 +710,78 @@ function content_access_get_acl_id(NodeInterface $node, $op) {
* Detaches all our ACLs for the nodes of the given type.
*/
function _content_access_remove_acls($type) {
- $query = db_select('node', 'n');
- $query->condition('type', $type);
- $query->fields('n', array('nid'));
- $nids = $query->execute()->fetchCol();
- $result = Node::loadMultiple($nids);
+ $result = \Drupal::database()->query("SELECT n.nid FROM {node} n WHERE type = :type", [
+ 'type' => $type,
+ ]);
+
foreach ($result as $node) {
- acl_node_clear_acls($node->id(), 'content_access');
+ acl_node_clear_acls($node->nid, 'content_access');
+ }
+}
+
+/**
+ * Mass updates node access records for nodes of the given types.
+ * @param $types
+ * An array of content type names.
+ * @return
+ * Whether the operation has been processed successfully or postponed.
+ */
+function content_access_mass_update($types) {
+ $query = \Drupal::database()->select('node', 'n')
+ ->fields('n', array('nid'))
+ ->condition('n.type', $types, 'IN');
+
+ $count = $query->countQuery()->execute()->fetchField();
+
+ node_access_needs_rebuild(TRUE);
+
+ // If there not too much nodes affected, try to do it.
+ if ($count <= CONTENT_ACCESS_MASS_UPDATE_THRESHOLD) {
+ $records = $query->execute();
+
+ foreach ($records as $node) {
+ $node = Node::load($node->nid);
+ \Drupal::entityManager()->getAccessControlHandler('node')->writeGrants($node);
+ }
+
+ foreach (Cache::getBins() as $service_id => $cache_backend) {
+ $cache_backend->deleteAll();
+ }
+
+ node_access_needs_rebuild(FALSE);
+
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ * Submit callback for the user permissions form.
+ * Trigger changes to node permissions to rebuild our grants.
+ */
+function content_access_user_admin_perm_submit($form, FormStateInterface $form_state) {
+ // Check for each content type, which has per node access activated
+ // whether permissions have been changed.
+ $types = array();
+ foreach (array_filter(content_access_get_settings('per_node', 'all')) as $type => $value) {
+ foreach (_content_access_get_node_permissions($type) as $perm) {
+ foreach (user_roles() as $rid => $role) {
+ $values = $form_state->getValues();
+ if (isset($values[$rid]) && in_array($perm, $form['checkboxes'][$rid]['#default_value']) != in_array($perm, $values[$rid])) {
+ // permission changed.
+ $types[$type] = node_type_get_names();
+ continue 2;
+
+ }
+ }
+ }
+ }
+ if ($types && content_access_mass_update(array_keys($types))) {
+ drupal_set_message(\Drupal::translation()->formatPlural(count($types),
+ 'Permissions have been successfully rebuilt for the content type @types.',
+ 'Permissions have been successfully rebuilt for the content types @types.',
+ ['@types' => implode(', ', $types)]
+ ));
}
}
diff --git a/content_access.rules.events.yml b/content_access.rules.events.yml
new file mode 100644
index 0000000..5e55770
--- /dev/null
+++ b/content_access.rules.events.yml
@@ -0,0 +1,12 @@
+content_access_content_type:
+ label: 'Content type access control was changed'
+ category: 'Content Access'
+
+content_access_per_node:
+ label: 'Per node access control was changed'
+ category: 'Content Access'
+
+content_access_user_acl:
+ label: 'User was added to ACL'
+ category: 'Content Access'
+ deriver: '\Drupal\content_access\Plugin\Deriver\RulesEventUserAclDeriver'
diff --git a/src/Access/ContentAccessNodePageAccessCheck.php b/src/Access/ContentAccessNodePageAccessCheck.php
index d172b5b..af70f7d 100644
--- a/src/Access/ContentAccessNodePageAccessCheck.php
+++ b/src/Access/ContentAccessNodePageAccessCheck.php
@@ -26,8 +26,7 @@ class ContentAccessNodePageAccessCheck implements AccessInterface {
* {@inhericdoc}
*/
public function access(AccountInterface $account, RouteMatchInterface $route_match) {
- $nid = $route_match->getParameter('node');
- $node = Node::load($nid);
+ $node = $route_match->getParameter('node');
$all_nodes_access = $account->hasPermission('grant content access');
$own_node_access = $account->hasPermission('grant own content access') && ($account->id() == $node->getOwnerId());
diff --git a/src/Controller/ContentAccessController.php b/src/Controller/ContentAccessController.php
index e8a0064..179171f 100644
--- a/src/Controller/ContentAccessController.php
+++ b/src/Controller/ContentAccessController.php
@@ -19,9 +19,8 @@ class ContentAccessController extends ControllerBase {
* Returns content access settings page title.
*/
public function getContentAccessTitle() {
- $nid = \Drupal::routeMatch()->getParameter('node');
- $node = Node::load($nid);
- $title = t('Access control for @title', array('@title' => $node->getTitle()));
+ $node = \Drupal::routeMatch()->getParameter('node');
+ $title = t('Access control for @title', ['@title' => $node->getTitle()]);
return $title;
}
diff --git a/src/Form/ContentAccessAdminSettingsForm.php b/src/Form/ContentAccessAdminSettingsForm.php
index 3ed2425..e6a8857 100644
--- a/src/Form/ContentAccessAdminSettingsForm.php
+++ b/src/Form/ContentAccessAdminSettingsForm.php
@@ -14,10 +14,11 @@ use Drupal\user\PermissionHandlerInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
/**
- * Node Access settings form
+ * Node Access settings form.
* @package Drupal\content_access\Form
*/
class ContentAccessAdminSettingsForm extends FormBase {
+ use ContentAccessRoleBasedFormTrait;
/**
* The permission handler.
@@ -57,10 +58,9 @@ class ContentAccessAdminSettingsForm extends FormBase {
* {@inheritdoc}
*/
public function buildForm(array $form, FormStateInterface $form_state, $node_type = NULL) {
-
- $storage = array(
+ $storage = [
'node_type' => $node_type,
- );
+ ];
$form_state->setStorage($storage);
@@ -69,18 +69,17 @@ class ContentAccessAdminSettingsForm extends FormBase {
foreach (_content_access_get_operations() as $op => $label) {
$defaults[$op] = content_access_get_settings($op, $node_type);
}
- module_load_include('admin.inc', 'content_access');
- content_access_role_based_form($form, $defaults, $node_type);
+
+ $this->roleBasedForm($form, $defaults, $node_type);
// Per node:
$form['node'] = array(
'#type' => 'fieldset',
'#title' => t('Per content node access control settings'),
'#collapsible' => TRUE,
- '#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the !permissions page.', array(
- '!permissions' => \Drupal::l(t('permissions'), Url::fromRoute('user.admin_permissions')),
- )
- ),
+ '#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the @permissions page.', [
+ '@permissions' => \Drupal::l(t('permissions'), Url::fromRoute('user.admin_permissions')),
+ ]),
);
$form['node']['per_node'] = array(
'#type' => 'checkbox',
@@ -121,7 +120,7 @@ class ContentAccessAdminSettingsForm extends FormBase {
$node_type = $storage['node_type'];
// Remove disabled modules permissions, so they can't raise exception
- // in content_access_save_permissions()
+ // in ::savePermissions().
foreach ($roles_permissions as $rid => $role_permissions) {
foreach ($role_permissions as $permission => $value) {
if (!array_key_exists($permission, $permissions)) {
@@ -130,7 +129,7 @@ class ContentAccessAdminSettingsForm extends FormBase {
}
}
- foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
+ foreach (['update', 'update_own', 'delete', 'delete_own'] as $op) {
foreach ($values[$op] as $rid => $value) {
$permission = content_access_get_permission_by_op($op, $node_type);
if ($value) {
@@ -144,7 +143,8 @@ class ContentAccessAdminSettingsForm extends FormBase {
// always.
unset($values[$op]);
}
- content_access_save_permissions($roles_permissions);
+
+ $this->savePermissions($roles_permissions);
// Update content access settings
$settings = content_access_get_settings('all', $node_type);
@@ -168,7 +168,7 @@ class ContentAccessAdminSettingsForm extends FormBase {
_content_access_remove_acls($node_type);
}
- if (content_access_mass_update(array($node_type))) {
+ if (content_access_mass_update([$node_type])) {
$node_types = node_type_get_names();
drupal_set_message(t('Permissions have been successfully rebuilt for the content type @types.', array('@types' => $node_types[$node_type])));
}
@@ -176,4 +176,14 @@ class ContentAccessAdminSettingsForm extends FormBase {
drupal_set_message(t('Your changes have been saved.'));
}
+
+ /**
+ * Saves the given permissions by role to the database.
+ */
+ protected function savePermissions($roles_permissions) {
+ foreach ($roles_permissions as $rid => $permissions) {
+ user_role_change_permissions($rid, $permissions);
+ }
+ }
+
}
diff --git a/src/Form/ContentAccessPageForm.php b/src/Form/ContentAccessPageForm.php
index 8a2d68c..52ad6b4 100644
--- a/src/Form/ContentAccessPageForm.php
+++ b/src/Form/ContentAccessPageForm.php
@@ -10,7 +10,7 @@ namespace Drupal\content_access\Form;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Render\Element;
use Drupal\Core\Form\FormStateInterface;
-use Drupal\node\Entity\Node;
+use Drupal\node\NodeInterface;
use Drupal\Core\Template\Attribute;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Session\AccountInterface;
@@ -20,6 +20,7 @@ use Drupal\Core\Session\AccountInterface;
* @package Drupal\content_access\Form
*/
class ContentAccessPageForm extends FormBase {
+ use ContentAccessRoleBasedFormTrait;
/**
* {@inheritdoc}
@@ -31,17 +32,14 @@ class ContentAccessPageForm extends FormBase {
/**
* {@inheritdoc}
*/
- public function buildForm(array $form, FormStateInterface $form_state, $node = NULL) {
- $node = Node::load($node);
+ public function buildForm(array $form, FormStateInterface $form_state, NodeInterface $node = NULL) {
$defaults = array();
foreach (_content_access_get_operations() as $op => $label) {
$defaults[$op] = content_access_per_node_setting($op, $node);
}
- // Get roles form
- module_load_include('admin.inc', 'content_access');
- content_access_role_based_form($form, $defaults, $node->getType());
+ $this->roleBasedForm($form, $defaults, $node->getType());
foreach (Element::children($form['per_role']) as $op) {
if (!empty($form['per_role'][$op]['#type']) && $form['per_role'][$op]['#type'] == 'checkboxes') {
$form['per_role'][$op]['#process'] = array(
@@ -53,16 +51,16 @@ class ContentAccessPageForm extends FormBase {
// Add an after_build handler that disables checkboxes, which are enforced by permissions.
$build_info = $form_state->getBuildInfo();
- $build_info['files'][] = array(
+ $build_info['files'][] = [
'module' => 'content_access',
'type' => 'inc',
'name' => 'content_access.admin'
- );
+ ];
$form_state->setBuildInfo($build_info);
- $form['per_role']['#after_build'] = array('content_access_force_permissions');
+ $form['per_role']['#after_build'] = ['::forcePermissions'];
- // ACL form
+ // ACL form.
if (\Drupal::moduleHandler()->moduleExists('acl')) {
// This is disabled when there is no node passed.
$form['acl'] = array(
@@ -73,12 +71,17 @@ class ContentAccessPageForm extends FormBase {
'#tree' => TRUE,
);
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (['view', 'update', 'delete'] as $op) {
$acl_id = content_access_get_acl_id($node, $op);
- acl_node_add_acl($node->id(), $acl_id, (int) ($op == 'view'), (int) ($op == 'update'), (int) ($op == 'delete'), content_access_get_settings('priority', $node->getType()));
- $form['acl'][$op] = acl_edit_form($form_state, $acl_id, t('Grant !op access', array('!op' => $op)));
- $form['acl'][$op]['#collapsed'] = !isset($_POST['acl_' . $acl_id]) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
+ $view = (int) ($op == 'view');
+ $update = (int) ($op == 'update');
+ acl_node_add_acl($node->id(), $acl_id, $view, $update, (int) ($op == 'delete'), content_access_get_settings('priority', $node->getType()));
+
+ $form['acl'][$op] = acl_edit_form($form_state, $acl_id, t('Grant !op access', ['!op' => $op]));
+
+ $post_acl_id = \Drupal::request()->request->get('acl_' . $acl_id, NULL);
+ $form['acl'][$op]['#collapsed'] = !isset($post_acl_id) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
}
}
@@ -89,8 +92,8 @@ class ContentAccessPageForm extends FormBase {
'#type' => 'submit',
'#value' => t('Reset to defaults'),
'#weight' => 10,
- '#submit' => array('content_access_page_reset'),
- '#access' => count(content_access_get_per_node_settings($node)) > 0,
+ '#submit' => ['::pageResetSubmit'],
+ '#access' => !empty(content_access_get_per_node_settings($node)),
);
$form['submit'] = array(
'#type' => 'submit',
@@ -158,18 +161,61 @@ class ContentAccessPageForm extends FormBase {
) {
$element[$key]['#disabled'] = TRUE;
$element[$key]['#default_value'] = FALSE;
- $element[$key]['#prefix'] = ' t("This role is lacking the permission '@perm', so it has no access.", array('@perm' => t('access content'))))) . '>';
+ $element[$key]['#prefix'] = ' t("This role is lacking the permission '@perm', so it has no access.", ['@perm' => t('access content')])
+ ]) . '>';
$element[$key]['#suffix'] = "";
}
elseif (in_array($key, $admin_roles) || ($key != AccountInterface::ANONYMOUS_ROLE && in_array(AccountInterface::AUTHENTICATED_ROLE, $admin_roles))) {
// Fix the checkbox to be enabled for users with administer node privileges
$element[$key]['#disabled'] = TRUE;
$element[$key]['#default_value'] = TRUE;
- $element[$key]['#prefix'] = ' t("This role has '@perm' permission, so access is granted.", array('@perm' => t('administer nodes'))))) . '>';
+ $element[$key]['#prefix'] = ' t("This role has '@perm' permission, so access is granted.", ['@perm' => t('administer nodes')])
+ ]) . '>';
$element[$key]['#suffix'] = "";
}
}
return $element;
}
+
+ /**
+ * Submit callback for reset on content_access_page().
+ */
+ function pageResetSubmit(array &$form, FormStateInterface $form_state) {
+ $storage = $form_state->getStorage();
+ content_access_delete_per_node_settings($storage['node']);
+ \Drupal::entityManager()->getAccessControlHandler('node')->writeGrants($storage['node']);
+
+ drupal_set_message(t('The permissions have been reseted to the content type defaults.'));
+ }
+
+
+ /**
+ * Formapi #after_build callback, that disables checkboxes for roles without access to content.
+ */
+ function forcePermissions($element, FormStateInterface $form_state) {
+ $storage = $form_state->getStorage();
+ if (!empty($storage['node'])) {
+ $node = $storage['node'];
+ foreach (['update', 'update_own', 'delete', 'delete_own'] as $op) {
+ foreach (content_access_get_settings($op, $node->getType()) as $rid) {
+ $element[$op][$rid]['#disabled'] = TRUE;
+ $element[$op][$rid]['#attributes']['disabled'] = 'disabled';
+ $element[$op][$rid]['#value'] = TRUE;
+ $element[$op][$rid]['#checked'] = TRUE;
+
+ $prefix_attr = new Attribute([
+ 'title' => t('Permission is granted due to the content type\'s access control settings.'),
+ ]);
+ $element[$op][$rid]['#prefix'] = '';
+ $element[$op][$rid]['#suffix'] = "";
+ }
+ }
+ }
+
+ return $element;
+ }
+
}
diff --git a/src/Form/ContentAccessRoleBasedFormTrait.php b/src/Form/ContentAccessRoleBasedFormTrait.php
new file mode 100644
index 0000000..96149ea
--- /dev/null
+++ b/src/Form/ContentAccessRoleBasedFormTrait.php
@@ -0,0 +1,69 @@
+ t('access content'),
+ ]),
+ t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', [
+ '@published' => t('published'),
+ '%administer_nodes' => t('administer nodes'),
+ ]),
+ ];
+ $form['per_role'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Role based access control settings'),
+ '#collapsible' => TRUE,
+ '#description' => implode(' ', $description),
+ );
+
+ $operations = _content_access_get_operations($type);
+ $user_roles = Role::loadMultiple();
+ $roles = array();
+ foreach ($user_roles as $role) {
+ $roles[$role->id()] = $role->get('label');
+ }
+ foreach ($operations as $op => $label) {
+ // Make sure defaults are set properly
+ $defaults += array($op => array());
+
+ $form['per_role'][$op] = array(
+ '#type' => 'checkboxes',
+ '#prefix' => '',
+ '#suffix' => '
',
+ '#options' => $roles,
+ '#title' => $label,
+ '#default_value' => $defaults[$op],
+ );
+ }
+
+ $form['per_role']['clearer'] = array(
+ '#value' => '
',
+ );
+
+ $form['#attached']['library'][] = 'content_access/drupal.content_access';
+
+ return $form;
+ }
+
+}
diff --git a/src/Plugin/Deriver/RulesActionUserAclDeriver.php b/src/Plugin/Deriver/RulesActionUserAclDeriver.php
new file mode 100644
index 0000000..a0ba322
--- /dev/null
+++ b/src/Plugin/Deriver/RulesActionUserAclDeriver.php
@@ -0,0 +1,62 @@
+moduleHandler = $module_handler;
+ $this->stringTranslation = $string_translation;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container, $base_plugin_id) {
+ return new static($container->get('module_handler'), $container->get('string_translation'));
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getDerivativeDefinitions($base_plugin_definition) {
+ if ($this->moduleHandler->moduleExists('acl')) {
+ $id = $base_plugin_definition['id'];
+ $this->derivatives[$id] = $base_plugin_definition;
+ }
+
+ return $this->derivatives;
+ }
+
+}
diff --git a/src/Plugin/Deriver/RulesEventUserAclDeriver.php b/src/Plugin/Deriver/RulesEventUserAclDeriver.php
new file mode 100644
index 0000000..26e6f4b
--- /dev/null
+++ b/src/Plugin/Deriver/RulesEventUserAclDeriver.php
@@ -0,0 +1,55 @@
+moduleHandler = $module_handler;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container, $base_plugin_id) {
+ return new static($container->get('module_handler'));
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getDerivativeDefinitions($base_plugin_definition) {
+ if ($this->moduleHandler->moduleExists('acl')) {
+ $this->derivatives['content_access_user_acl'] = $base_plugin_definition;
+ }
+
+ return $this->derivatives;
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ActionCommonTrait.php b/src/Plugin/RulesAction/ActionCommonTrait.php
new file mode 100644
index 0000000..71b3068
--- /dev/null
+++ b/src/Plugin/RulesAction/ActionCommonTrait.php
@@ -0,0 +1,95 @@
+getEditable('content_access.settings');
+
+ $type = $node->getType();
+ $settings = unserialize($config->get('content_access_node_type.' . $type));
+
+ if (isset($settings['per_node']) && $settings['per_node']) {
+ return TRUE;
+ }
+
+ // If we didn't find any settings in content access for this type return
+ // false as we don't want to process it.
+ $this->logger->log(LogLevel::WARNING, $this->t("Can't set per content permissions for content type @type. Make sure to have per content settings activated for content types you want to alter access control for.", ['@type' => $node->getType()]));
+
+ return FALSE;
+ }
+
+ /**
+ * Transforms the array of text values to an array keyed by $op and $rid.
+ */
+ protected function transformRulesValue($value) {
+ $array = array();
+ foreach ($value as $op_role) {
+ $parts = explode(':', $op_role);
+ // The first item is $op and the second $rid.
+ $array[$parts[0]][] = $parts[1];
+ }
+
+ return $array;
+ }
+
+ /**
+ * Apply the new grants to the affected node.
+ */
+ protected function aquireGrants(NodeInterface $node) {
+ \Drupal::entityManager()->getAccessControlHandler('node')->writeGrants($node);
+ }
+
+ /**
+ * Process Rule's param, and grant by the passed operation.
+ */
+ protected function actionUser(array $params, $type) {
+ $ops = ['view', 'update', 'delete'];
+ $settings = array();
+ $node = $params['node'];
+
+ foreach ($ops as $op) {
+ if ($params['content_access_user_' . $op]) {
+ $settings[$op] = $params['content_access_user_' . $op]->id();
+ }
+ }
+
+ foreach ($settings as $op => $uid) {
+ $acl_id = content_access_get_acl_id($node, $op);
+ acl_node_add_acl($node->nid, $acl_id, (int) ($op == 'view'), (int) ($op == 'update'), (int) ($op == 'delete'), content_access_get_settings('priority', $node->getType()));
+
+ $this->database->delete('acl_user')
+ ->condition('acl_id', $acl_id)
+ ->condition('uid', $uid)
+ ->execute();
+
+ if ($type == 'grant') {
+ $this->database->insert('acl_user')
+ ->fields(array(
+ 'acl_id' => $acl_id,
+ 'uid' => $uid,
+ ))
+ ->execute();
+ }
+ }
+
+ $this->aquireGrants($node);
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ActionGrantNodePermissions.php b/src/Plugin/RulesAction/ActionGrantNodePermissions.php
new file mode 100644
index 0000000..9d12a8b
--- /dev/null
+++ b/src/Plugin/RulesAction/ActionGrantNodePermissions.php
@@ -0,0 +1,85 @@
+logger = $logger;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+ return new static(
+ $configuration,
+ $plugin_id,
+ $plugin_definition,
+ $container->get('logger.factory')
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function execute() {
+ $node = $this->getContextValue('node');
+ $permissions = $this->getContextValue('permissions');
+
+ if (!empty($node->id()) && $this->checkSetting($node)) {
+ // Transform the value to the content-access format.
+ $settings = $this->transformRulesValue($permissions);
+ $ca_settings = array();
+ foreach (_content_access_get_operations() as $op => $label) {
+ // Merge in the array of role-ids for each operation.
+ $settings += array($op => array());
+ $ca_settings[$op] = array_keys(array_flip(content_access_per_node_setting($op, $node)) + array_flip($settings[$op]));
+ }
+ content_access_save_per_node_settings($node, $ca_settings);
+ $this->aquireGrants($node);
+ }
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ActionResetNodePermissions.php b/src/Plugin/RulesAction/ActionResetNodePermissions.php
new file mode 100644
index 0000000..8cc96d3
--- /dev/null
+++ b/src/Plugin/RulesAction/ActionResetNodePermissions.php
@@ -0,0 +1,40 @@
+getContextValue('node');
+
+ content_access_delete_per_node_settings($node);
+ $this->aquireGrants($node);
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ActionRevokeNodePermissions.php b/src/Plugin/RulesAction/ActionRevokeNodePermissions.php
new file mode 100644
index 0000000..3f414af
--- /dev/null
+++ b/src/Plugin/RulesAction/ActionRevokeNodePermissions.php
@@ -0,0 +1,85 @@
+logger = $logger;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+ return new static(
+ $configuration,
+ $plugin_id,
+ $plugin_definition,
+ $container->get('logger.factory')
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function execute() {
+ $node = $this->getContextValue('node');
+ $permissions = $this->getContextValue('permissions');
+
+ if (!empty($node->id()) && $this->checkSetting($node)) {
+ // Transform the value to the content-access format.
+ $settings = $this->transformRulesValue($permissions);
+
+ $ca_settings = array();
+ foreach (_content_access_get_operations() as $op => $label) {
+ $settings += array($op => array());
+ $ca_settings[$op] = array_diff(content_access_per_node_setting($op, $node), $settings[$op]);
+ }
+ content_access_save_per_node_settings($node, $ca_settings);
+ $this->aquireGrants($node);
+ }
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ActionUserGrant.php b/src/Plugin/RulesAction/ActionUserGrant.php
new file mode 100644
index 0000000..ed172c1
--- /dev/null
+++ b/src/Plugin/RulesAction/ActionUserGrant.php
@@ -0,0 +1,53 @@
+getContextValues();
+ $this->actionUser($params, 'grant');
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ActionUserRevoke.php b/src/Plugin/RulesAction/ActionUserRevoke.php
new file mode 100644
index 0000000..1f0f334
--- /dev/null
+++ b/src/Plugin/RulesAction/ActionUserRevoke.php
@@ -0,0 +1,53 @@
+getContextValues();
+ $this->actionUser($params, 'revoke');
+ }
+
+}
diff --git a/src/Plugin/RulesAction/ContentAccessUserRulesActionBase.php b/src/Plugin/RulesAction/ContentAccessUserRulesActionBase.php
new file mode 100644
index 0000000..b7b8589
--- /dev/null
+++ b/src/Plugin/RulesAction/ContentAccessUserRulesActionBase.php
@@ -0,0 +1,55 @@
+logger = $logger;
+ $this->database = $database;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+ return new static(
+ $configuration,
+ $plugin_id,
+ $plugin_definition,
+ $container->get('database'),
+ $container->get('logger.factory')
+ );
+ }
+
+}
diff --git a/src/Tests/ContentAccessAclTestCase.php b/src/Tests/ContentAccessAclTestCase.php
index 2ee0ea7..b07bd0a 100644
--- a/src/Tests/ContentAccessAclTestCase.php
+++ b/src/Tests/ContentAccessAclTestCase.php
@@ -8,21 +8,14 @@
namespace Drupal\content_access\Tests;
/**
- * Automatd SimpleTest Case for using content access module with acl module
+ * Automated SimpleTest Case for using content access module with acl module.
*
* @group Access
*/
class ContentAccessAclTestCase extends ContentAccessTestHelp {
/**
- * Modules to enable.
- *
- * @var array
- */
- public static $modules = array('acl', 'content_access');
-
- /**
- * Implementation of get_info() for information
+ * Implementation of getInfo() for information.
*/
public static function getInfo() {
return array(
@@ -33,7 +26,7 @@ class ContentAccessAclTestCase extends ContentAccessTestHelp {
}
/**
- * Setup configuration before each test
+ * Setup configuration before each test.
*/
function setUp() {
parent::setUp();
@@ -43,148 +36,149 @@ class ContentAccessAclTestCase extends ContentAccessTestHelp {
return;
}
- // Create test nodes
- $this->node = $this->drupalCreateNode(array('type' => $this->content_type->id()));
+ // Create test node.
+ $this->node1 = $this->drupalCreateNode(['type' => $this->content_type->id()]);
}
/**
- * Test Viewing accessibility with permissions for single users
+ * Test Viewing accessibility with permissions for single users.
*/
function testViewAccess() {
- // Exit test if ACL module could not be enabled
+ // Exit test if ACL module could not be enabled.
if (!\Drupal::moduleHandler()->moduleExists('acl')) {
$this->pass('No ACL module present, skipping test');
return;
}
- // Restrict access to this content type (access is only allowed for the author)
- // Enable per node access control
- $access_permissions = array(
+ // Restrict access to this content type.
+ // Enable per node access control.
+ $access_permissions = [
'view[anonymous]' => FALSE,
'view[authenticated]' => FALSE,
'per_node' => TRUE,
- );
+ ];
$this->changeAccessContentType($access_permissions);
- // Allow access for test user
- $edit = array(
+ // Allow access for test user.
+ $edit = [
'acl[view][add]' => $this->test_user->getUsername(),
- );
- $this->drupalPostForm('node/'. $this->node->id() .'/access', $edit, t('Add User'));
+ ];
+ $this->drupalPostForm('node/'. $this->node1->id() .'/access', $edit, t('Add User'));
$this->drupalPostForm(NULL, array(), t('Submit'));
- // Logout admin, try to access the node anonymously
+ // Logout admin, try to access the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node is not viewable');
- // Login test user, view access should be allowed now
+ // Login test user, view access should be allowed now.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertNoText(t('Access denied'), 'node is viewable');
- // Login admin and disable per node access
+ // Login admin and disable per node access.
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode(FALSE);
- // Logout admin, try to access the node anonymously
+ // Logout admin, try to access the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node is not viewable');
- // Login test user, view access should be denied now
+ // Login test user, view access should be denied now.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node is not viewable');
}
/**
- * Test Editing accessibility with permissions for single users
+ * Test Editing accessibility with permissions for single users.
*/
function testEditAccess() {
- // Exit test if ACL module could not be enabled
+ // Exit test if ACL module could not be enabled.
if (!\Drupal::moduleHandler()->moduleExists('acl')) {
$this->pass('No ACL module present, skipping test');
return;
}
- // Enable per node access control
+ // Enable per node access control.
$this->changeAccessPerNode();
- // Allow edit access for test user
- $edit = array(
+ // Allow edit access for test user.
+ $edit = [
'acl[update][add]' => $this->test_user->getUsername(),
- );
- $this->drupalPostForm('node/'. $this->node->id() .'/access', $edit, t('Add User'));
+ ];
+ $this->drupalPostForm('node/' . $this->node1->id() .'/access', $edit, t('Add User'));
$this->drupalPostForm(NULL, array(), t('Submit'));
- // Logout admin, try to edit the node anonymously
+ // Logout admin, try to edit the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() .'/edit');
$this->assertText(t('Access denied'), 'node is not editable');
- // Login test user, edit access should be allowed now
+ // Login test user, edit access should be allowed now.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() .'/edit');
$this->assertNoText(t('Access denied'), 'node is editable');
- // Login admin and disable per node access
+ // Login admin and disable per node access.
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode(FALSE);
- // Logout admin, try to edit the node anonymously
+ // Logout admin, try to edit the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() .'/edit');
$this->assertText(t('Access denied'), 'node is not editable');
- // Login test user, edit access should be denied now
+ // Login test user, edit access should be denied now.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() .'/edit');
$this->assertText(t('Access denied'), 'node is not editable');
}
/**
- * Test Deleting accessibility with permissions for single users
+ * Test Deleting accessibility with permissions for single users.
*/
function testDeleteAccess() {
- // Exit test if ACL module could not be enabled
+ // Exit test if ACL module could not be enabled.
if (!\Drupal::moduleHandler()->moduleExists('acl')) {
$this->pass('No ACL module present, skipping test');
return;
}
- // Enable per node access control
+ // Enable per node access control.
$this->changeAccessPerNode();
- // Allow delete access for test user
+ // Allow delete access for test user.
$edit = array(
'acl[delete][add]' => $this->test_user->getUsername(),
);
- $this->drupalPostForm('node/'. $this->node->id() .'/access', $edit, t('Add User'));
+ $this->drupalPostForm('node/' . $this->node1->id() .'/access', $edit, t('Add User'));
$this->drupalPostForm(NULL, array(), t('Submit'));
- // Logout admin, try to delete the node anonymously
+ // Logout admin, try to delete the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() .'/delete');
$this->assertText(t('Access denied'), 'node is not deletable');
- // Login test user, delete access should be allowed now
+ // Login test user, delete access should be allowed now.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() .'/delete');
$this->assertNoText(t('Access denied'), 'node is deletable');
- // Login admin and disable per node access
+ // Login admin and disable per node access.
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode(FALSE);
- // Logout admin, try to delete the node anonymously
+ // Logout admin, try to delete the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() .'/delete');
$this->assertText(t('Access denied'), 'node is not deletable');
- // Login test user, delete access should be denied now
+ // Login test user, delete access should be denied now.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() .'/delete');
$this->assertText(t('Access denied'), 'node is not deletable');
}
+
}
diff --git a/src/Tests/ContentAccessModuleTestCase.php b/src/Tests/ContentAccessModuleTestCase.php
index 045f12c..ea8fb93 100644
--- a/src/Tests/ContentAccessModuleTestCase.php
+++ b/src/Tests/ContentAccessModuleTestCase.php
@@ -8,98 +8,96 @@
namespace Drupal\content_access\Tests;
/**
- * Automated SimpleTest Case for content access module
+ * Automated SimpleTest Case for content access module.
*
* @group Access
*/
class ContentAccessModuleTestCase extends ContentAccessTestHelp {
/**
- * Modules to enable.
- *
- * @var array
- */
- public static $modules = array('content_access', 'acl');
-
- /**
- * Implementation of get_info() for information
+ * Implementation of get_info() for information.
*/
public static function getInfo() {
- return array(
+ return [
'name' => t('Content Access Module Tests'),
- 'description' => t('Various tests to check permission settings on nodes.'),
+ 'description' => t(
+ 'Various tests to check permission settings on nodes.'
+ ),
'group' => t('Content Access'),
- );
+ ];
}
- function setUp() {
+ /**
+ * {@inheritdoc}
+ */
+ public function setUp() {
parent::setUp();
- // Create test nodes
- $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->id()));
- $this->node2 = $this->drupalCreateNode(array('type' => $this->content_type->id()));
+ // Create test nodes.
+ $this->node1 = $this->drupalCreateNode(['type' => $this->content_type->id()]);
+ $this->node2 = $this->drupalCreateNode(['type' => $this->content_type->id()]);
}
/**
- * Test for viewing nodes
+ * Test for viewing nodes.
*/
function testViewAccess() {
- // Restrict access to the content type (access is only allowed for the author)
- $access_permissions = array(
+ // Restrict access to the content type.
+ $access_permissions = [
'view[anonymous]' => FALSE,
'view[authenticated]' => FALSE,
- );
+ ];
$this->changeAccessContentType($access_permissions);
- // Logout admin and try to access the node anonymously
+ // Logout admin and try to access the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id());
- $this->assertText(t('Access denied'), 'node is not viewable');
+ $this->drupalGet('node/' . $this->node1->id());
+ $this->assertText(t('Access denied'), 'node1 is not viewable');
- // Login test user, view node, access must be denied
+ // Login test user, view node, access must be denied.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id());
- $this->assertText(t('Access denied'), 'node is not viewable');
+ $this->drupalGet('node/' . $this->node1->id());
+ $this->assertText(t('Access denied'), 'node1 is not viewable');
- // Login admin and grant access for viewing to the test user
+ // Login admin and grant access for viewing to the test user.
$this->drupalLogin($this->admin_user);
$this->changeAccessContentTypeKeyword('view');
// Logout admin and try to access the node anonymously
- // access must be denied again
+ // access must be denied again.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id());
- $this->assertText(t('Access denied'), 'node is not viewable');
+ $this->drupalGet('node/' . $this->node1->id());
+ $this->assertText(t('Access denied'), 'node1 is not viewable');
- // Login test user, view node, access must be granted
+ // Login test user, view node, access must be granted.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id());
- $this->assertNoText(t('Access denied'), 'node is viewable');
+ $this->drupalGet('node/' . $this->node1->id());
+ $this->assertNoText(t('Access denied'), 'node1 is viewable');
- // Login admin and enable per node access
+ // Login admin and enable per node access.
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode();
- // Restrict access on node2 for the test user role
+ // Restrict access on node2 for the test user role.
$this->changeAccessNodeKeyword($this->node2, 'view', FALSE);
- // Logout admin and try to access both nodes anonymously
+ // Logout admin and try to access both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node1 is not viewable');
- $this->drupalGet('node/'. $this->node2->id());
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user, view node1, access must be granted
+ // Login test user, view node1, access must be granted.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertNoText(t('Access denied'), 'node1 is viewable');
- // View node2, access must be denied
- $this->drupalGet('node/'. $this->node2->id());
+ // View node2, access must be denied.
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login admin, swap permissions between content type and node2
+ // Login admin, swap permissions between content type and node2.
$this->drupalLogin($this->admin_user);
// Restrict access to content type
@@ -108,240 +106,250 @@ class ContentAccessModuleTestCase extends ContentAccessTestHelp {
// Grant access to node2
$this->changeAccessNodeKeyword($this->node2, 'view');
- // Logout admin and try to access both nodes anonymously
+ // Logout admin and try to access both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node1 is not viewable');
- $this->drupalGet('node/'. $this->node2->id());
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user, view node1, access must be denied
+ // Login test user, view node1, access must be denied.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node1 is not viewable');
- // View node2, access must be granted
- $this->drupalGet('node/'. $this->node2->id());
+ // View node2, access must be granted.
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertNoText(t('Access denied'), 'node2 is viewable');
}
/**
- * Test for editing nodes
+ * Test for editing nodes.
*/
function testEditAccess() {
- // Logout admin and try to edit the node anonymously
+ // Logout admin and try to edit the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertText(t('Access denied'), 'edit access denied for anonymous');
- // Login test user, edit node, access must be denied
+ // Login test user, edit node, access must be denied.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertText(t('Access denied'), 'edit access denied for test user');
- // Login admin and grant access for editing to the test user
+ // Login admin and grant access for editing to the test user.
$this->drupalLogin($this->admin_user);
$this->changeAccessContentTypeKeyword('update');
// Logout admin and try to edit the node anonymously
- // access must be denied again
+ // access must be denied again.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertText(t('Access denied'), 'edit access denied for anonymous');
- // Login test user, edit node, access must be granted
+ // Login test user, edit node, access must be granted.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertNoText(t('Access denied'), 'node1 is editable');
- // Login admin and enable per node access
+ // Login admin and enable per node access.
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode();
- // Restrict access for this content type for the test user
+ // Restrict access for this content type for the test user.
$this->changeAccessContentTypeKeyword('update', FALSE);
// Allow acces for node1 only
$this->changeAccessNodeKeyword($this->node1, 'update');
$this->changeAccessNodeKeyword($this->node2, 'update', FALSE);
- // Logout admin and try to edit both nodes anonymously
+ // Logout admin and try to edit both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertText(t('Access denied'), 'node1 is not editable');
- $this->drupalGet('node/'. $this->node2->id() .'/edit');
+ $this->drupalGet('node/' . $this->node2->id() . '/edit');
$this->assertText(t('Access denied'), 'node2 is not editable');
- // Login test user, edit node1, access must be granted
+ // Login test user, edit node1, access must be granted.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertNoText(t('Access denied'), 'node1 is editable');
- // Edit node2, access must be denied
- $this->drupalGet('node/'. $this->node2->id() .'/edit');
+ // Edit node2, access must be denied.
+ $this->drupalGet('node/' . $this->node2->id() . '/edit');
$this->assertText(t('Access denied'), 'node2 is not editable');
- // Login admin, swap permissions between node1 and node2
+ // Login admin, swap permissions between node1 and node2.
$this->drupalLogin($this->admin_user);
- // Grant edit access to node2
+ // Grant edit access to node2.
$this->changeAccessNodeKeyword($this->node2, 'update');
- // Restrict edit acces to node1
+ // Restrict edit access to node1.
$this->changeAccessNodeKeyword($this->node1, 'update', FALSE);
- // Logout admin and try to edit both nodes anonymously
+ // Logout admin and try to edit both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertText(t('Access denied'), 'node1 is not editable');
- $this->drupalGet('node/'. $this->node2->id() .'/edit');
+ $this->drupalGet('node/' . $this->node2->id() . '/edit');
$this->assertText(t('Access denied'), 'node2 is not editable');
- // Login test user, edit node1, access must be denied
+ // Login test user, edit node1, access must be denied.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/edit');
+ $this->drupalGet('node/' . $this->node1->id() . '/edit');
$this->assertText(t('Access denied'), 'node1 is not editable');
- // Edit node2, access must be granted
- $this->drupalGet('node/'. $this->node2->id() .'/edit');
+ // Edit node2, access must be granted.
+ $this->drupalGet('node/' . $this->node2->id() . '/edit');
$this->assertNoText(t('Access denied'), 'node2 is editable');
}
/**
- * Test for deleting nodes
+ * Test for deleting nodes.
*/
function testDeleteAccess() {
- // Logout admin and try to delete the node anonymously
+ // Logout admin and try to delete the node anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertText(t('Access denied'), 'delete access denied for anonymous');
- // Login test user, delete node, access must be denied
+ // Login test user, delete node, access must be denied.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertText(t('Access denied'), 'delete access denied for test user');
- // Login admin and grant access for deleting to the test user
+ // Login admin and grant access for deleting to the test user.
$this->drupalLogin($this->admin_user);
$this->changeAccessContentTypeKeyword('delete');
// Logout admin and try to edit the node anonymously
- // access must be denied again
+ // access must be denied again.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertText(t('Access denied'), 'delete access denied for anonymous');
- // Login test user, delete node, access must be granted
+ // Login test user, delete node, access must be granted.
$this->drupalLogin($this->test_user);
- $this->drupalPostForm('node/'. $this->node1->id() .'/delete', array(), 'Delete');
- $this->assertRaw(t('%node has been deleted', array('%node' => $this->node1->getTitle())), 'Test node was deleted successfully by test user');
+ $this->drupalPostForm(
+ 'node/' . $this->node1->id() . '/delete',
+ array(),
+ 'Delete'
+ );
+ $this->assertRaw(
+ t('%node has been deleted', array('%node' => $this->node1->getTitle())),
+ 'Test node was deleted successfully by test user'
+ );
- // Login admin and recreate test node1
+ // Login admin and recreate test node1.
$this->drupalLogin($this->admin_user);
- $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->id()));
+ $this->node1 = $this->drupalCreateNode(
+ array('type' => $this->content_type->id())
+ );
- // Enable per node access
+ // Enable per node access.
$this->changeAccessPerNode();
- // Restrict access for this content type for the test user
+ // Restrict access for this content type for the test user.
$this->changeAccessContentTypeKeyword('delete', FALSE);
- // Allow acces for node1 only
+ // Allow acces for node1 only.
$this->changeAccessNodeKeyword($this->node1, 'delete');
$this->changeAccessNodeKeyword($this->node2, 'delete', FALSE);
- // Logout admin and try to delete both nodes anonymously
+ // Logout admin and try to delete both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertText(t('Access denied'), 'node1 is not deletable');
- $this->drupalGet('node/'. $this->node2->id() .'/delete');
+ $this->drupalGet('node/' . $this->node2->id() . '/delete');
$this->assertText(t('Access denied'), 'node2 is not deletable');
- // Login test user, delete node1, access must be granted
+ // Login test user, delete node1, access must be granted.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertNoText(t('Access denied'), 'node1 is deletable');
- // Delete node2, access must be denied
- $this->drupalGet('node/'. $this->node2->id() .'/delete');
+ // Delete node2, access must be denied.
+ $this->drupalGet('node/' . $this->node2->id() . '/delete');
$this->assertText(t('Access denied'), 'node2 is not deletable');
- // Login admin, swap permissions between node1 and node2
+ // Login admin, swap permissions between node1 and node2.
$this->drupalLogin($this->admin_user);
- // Grant delete access to node2
+ // Grant delete access to node2.
$this->changeAccessNodeKeyword($this->node2, 'delete');
- // Restrict delete acces to node1
+ // Restrict delete acces to node1.
$this->changeAccessNodeKeyword($this->node1, 'delete', FALSE);
- // Logout admin and try to delete both nodes anonymously
+ // Logout admin and try to delete both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertText(t('Access denied'), 'node1 is not deletable');
- $this->drupalGet('node/'. $this->node2->id() .'/delete');
+ $this->drupalGet('node/' . $this->node2->id() . '/delete');
$this->assertText(t('Access denied'), 'node2 is not deletable');
- // Login test user, delete node1, access must be denied
+ // Login test user, delete node1, access must be denied.
$this->drupalLogin($this->test_user);
- $this->drupalGet('node/'. $this->node1->id() .'/delete');
+ $this->drupalGet('node/' . $this->node1->id() . '/delete');
$this->assertText(t('Access denied'), 'node1 is not deletable');
- // Delete node2, access must be granted
- $this->drupalGet('node/'. $this->node2->id() .'/delete');
+ // Delete node2, access must be granted.
+ $this->drupalGet('node/' . $this->node2->id() . '/delete');
$this->assertNoText(t('Access denied'), 'node2 is deletable');
}
/**
- * Test own view access
+ * Test own view access.
*/
function testOwnViewAccess() {
- // Setup 2 test users
+ // Setup 2 test users.
$test_user1 = $this->test_user;
$test_user2 = $this->drupalCreateUser();
- // Change ownership of test nodes to test users
+ // Change ownership of test nodes to test users.
$this->node1->setOwner($test_user1);
$this->node1->save();
$this->node2->setOwner($test_user2);
$this->node2->save();
- // Remove all view permissions for this content type
- $access_permissions = array(
+ // Remove all view permissions for this content type.
+ $access_permissions = [
'view[anonymous]' => FALSE,
'view[authenticated]' => FALSE,
'view_own[anonymous]' => FALSE,
'view_own[authenticated]' => FALSE,
- );
+ ];
$this->changeAccessContentType($access_permissions);
- // Allow view own content for test user 1 and 2 roles
+ // Allow view own content for test user 1 and 2 roles.
$this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user1);
$this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user2);
- // Logout admin and try to access both nodes anonymously
+ // Logout admin and try to access both nodes anonymously.
$this->drupalLogout();
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node1 is not viewable');
- $this->drupalGet('node/'. $this->node2->id());
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user 1, view node1, access must be granted
+ // Login test user 1, view node1, access must be granted.
$this->drupalLogin($test_user1);
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertNoText(t('Access denied'), 'node1 is viewable');
- // View node2, access must be denied
- $this->drupalGet('node/'. $this->node2->id());
+ // View node2, access must be denied.
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertText(t('Access denied'), 'node2 is not viewable');
- // Login test user 2, view node1, access must be denied
+ // Login test user 2, view node1, access must be denied.
$this->drupalLogin($test_user2);
- $this->drupalGet('node/'. $this->node1->id());
+ $this->drupalGet('node/' . $this->node1->id());
$this->assertText(t('Access denied'), 'node1 is not viewable');
- // View node2, access must be granted
- $this->drupalGet('node/'. $this->node2->id());
+ // View node2, access must be granted.
+ $this->drupalGet('node/' . $this->node2->id());
$this->assertNoText(t('Access denied'), 'node2 is viewable');
}
+
}
diff --git a/src/Tests/ContentAccessTestHelp.php b/src/Tests/ContentAccessTestHelp.php
index fbc4d23..c2c24fc 100644
--- a/src/Tests/ContentAccessTestHelp.php
+++ b/src/Tests/ContentAccessTestHelp.php
@@ -13,7 +13,7 @@ use Drupal\user\Entity\Role;
use Drupal\simpletest\WebTestBase;
/**
- * Helper class with auxiliary functions for content access module tests
+ * Helper class with auxiliary functions for content access module tests.
*/
class ContentAccessTestHelp extends WebTestBase {
@@ -26,49 +26,68 @@ class ContentAccessTestHelp extends WebTestBase {
protected $node2;
/**
+ * Modules to enable.
+ *
+ * @var array
+ */
+ public static $modules = ['content_access', 'acl'];
+
+ /**
* Preparation work that is done before each test.
* Test users, content types, nodes etc. are created.
*/
public function setUp() {
parent::setUp();
- // Create test user with seperate role
+ // Create test user with separate role.
$this->test_user = $this->drupalCreateUser();
- // Get the value of the new role
- // Needed in D7 because it's by default create two roles for new users
- // one role is Authenticated and the second is new default one
- // @see drupalCreateUser()
+ // Get the value of the new role.
+ // @see drupalCreateUser().
$test_user_roles = $this->test_user->getRoles();
foreach ($test_user_roles as $role) {
- if (!in_array($role, array(AccountInterface::AUTHENTICATED_ROLE))) {
+ if (!in_array($role, [AccountInterface::AUTHENTICATED_ROLE])) {
$this->rid = $role;
break;
}
}
- // Create admin user
- $this->admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'grant content access', 'grant own content access', 'administer nodes', 'access administration pages'));
+ // Create admin user.
+ $this->admin_user = $this->drupalCreateUser([
+ 'access content',
+ 'administer content types',
+ 'grant content access',
+ 'grant own content access',
+ 'administer nodes',
+ 'access administration pages'
+ ]);
$this->drupalLogin($this->admin_user);
- // Rebuild content access permissions
+ // Rebuild content access permissions.
node_access_rebuild();
- // Create test content type
+ // Create test content type.
$this->content_type = $this->drupalCreateContentType();
}
/**
- * Change access permissions for a content type
+ * Change access permissions for a content type.
*/
function changeAccessContentType($access_settings) {
- $this->drupalPostForm('admin/structure/types/manage/'. $this->content_type->id() .'/access', $access_settings, t('Submit'));
- $this->assertText(t('Your changes have been saved.'), 'access rules of content type were updated successfully');
+ $this->drupalPostForm(
+ 'admin/structure/types/manage/' . $this->content_type->id() . '/access',
+ $access_settings,
+ t('Submit')
+ );
+ $this->assertText(
+ t('Your changes have been saved.'),
+ 'access rules of content type were updated successfully'
+ );
}
/**
- * Change access permissions for a content type by a given keyword (view, update or delete)
- * for the role of the user
+ * Change access permissions for a content type by a given keyword
+ * for the role of the user.
*/
function changeAccessContentTypeKeyword($keyword, $access = TRUE, AccountInterface $user = NULL) {
$roles = array();
@@ -76,7 +95,8 @@ class ContentAccessTestHelp extends WebTestBase {
if ($user === NULL) {
$role = Role::load($this->rid);
$roles[$role->id()] = $role->id();
- } else {
+ }
+ else {
$user_roles = $user->getRoles();
foreach ($user_roles as $role) {
$roles[$role] = $role;
@@ -84,25 +104,26 @@ class ContentAccessTestHelp extends WebTestBase {
}
}
- $access_settings = array(
- $keyword .'['. key($roles) .']' => $access,
- );
+ $access_settings = [
+ $keyword . '[' . key($roles) . ']' => $access,
+ ];
$this->changeAccessContentType($access_settings);
}
/**
- * Change the per node access setting for a content type
+ * Change the per node access setting for a content type.
*/
function changeAccessPerNode($access = TRUE) {
- $access_permissions = array(
+ $access_permissions = [
'per_node' => $access,
- );
+ ];
$this->changeAccessContentType($access_permissions);
}
/**
- * Change access permissions for a node by a given keyword (view, update or delete)
+ * Change access permissions for a node by a given keyword
+ * (view, update or delete).
*/
function changeAccessNodeKeyword(NodeInterface $node, $keyword, $access = TRUE) {
$user = $this->test_user;
@@ -112,18 +133,22 @@ class ContentAccessTestHelp extends WebTestBase {
$roles[$role->id()] = $role->get('label');
}
- $access_settings = array(
- $keyword .'['. key($roles) .']' => $access,
- );
+ $access_settings = [
+ $keyword . '[' . key($roles) . ']' => $access,
+ ];
$this->changeAccessNode($node, $access_settings);
}
/**
- * Change access permission for a node
+ * Change access permission for a node.
*/
function changeAccessNode(NodeInterface $node, $access_settings) {
- $this->drupalPostForm('node/'. $node->id() .'/access', $access_settings, t('Submit'));
- $this->assertText(t('Your changes have been saved.'), 'access rules of node were updated successfully');
+ $this->drupalPostForm('node/' . $node->id() . '/access', $access_settings, t('Submit'));
+ $this->assertText(
+ t('Your changes have been saved.'),
+ 'access rules of node were updated successfully'
+ );
}
+
}