diff -u b/core/modules/comment/comment.module b/core/modules/comment/comment.module --- b/core/modules/comment/comment.module +++ b/core/modules/comment/comment.module @@ -420,60 +420,18 @@ } /** - * Check is accessible requested comment field name in requested node. - * - * @param \Drupal\Core\Entity\EntityInterface $node - * Node object for index. - * @param string $field_name - * Field machine name. - * - * @return bool - * Result of check. - */ -function _comment_node_update_index_check_access(EntityInterface $node, $field_name) { - $access = &drupal_static(__FUNCTION__, array()); - $comment_type = $node->{$field_name}->getSetting('comment_type'); - - if (array_key_exists($comment_type, $access)) { - return $access[$comment_type]; - } - - // Do not index in the following three cases: - // 1. 'Authenticated user' can search content but can't access comments. - // 2. 'Anonymous user' can search content but can't access comments. - // 3. Any role can search content but can't access comments and access - // comments is not granted by the 'authenticated user' role. In this case - // all users might have both permissions from various roles but it is also - // possible to set up a user to have only search content and so a user - // edit could change the security situation so it is not safe to index the - // comments. - $access[$comment_type] = TRUE; - $roles = \Drupal::entityManager()->getStorage('user_role')->loadMultiple(); - $authenticated_can_access = $roles[RoleInterface::AUTHENTICATED_ID]->hasPermission('access comments ' . $comment_type); - foreach ($roles as $rid => $role) { - if ($role->hasPermission('search content') && !$role->hasPermission('access comments ' . $comment_type)) { - if ($rid == RoleInterface::AUTHENTICATED_ID || $rid == RoleInterface::ANONYMOUS_ID || !$authenticated_can_access) { - $access[$comment_type] = FALSE; - break; - } - } - } - - return $access[$comment_type]; -} - -/** * Implements hook_node_update_index(). */ function comment_node_update_index(EntityInterface $node) { $build = array(); + $manager = \Drupal::service('comment.manager'); - foreach (\Drupal::service('comment.manager')->getFields('node') as $field_name => $info) { + foreach ($manager->getFields('node') as $field_name => $info) { // Skip fields that entity does not have. if (!$node->hasField($field_name)) { continue; } - if (!_comment_node_update_index_check_access($node, $field_name)) { + if (!$manager->isIndexingAvailable($node, $field_name)) { continue; } $field_definition = $node->getFieldDefinition($field_name); diff -u b/core/modules/comment/src/CommentManager.php b/core/modules/comment/src/CommentManager.php --- b/core/modules/comment/src/CommentManager.php +++ b/core/modules/comment/src/CommentManager.php @@ -67,6 +67,13 @@ protected $currentUser; /** + * Comment types indexing permissions. + * + * @var array + */ + protected $typesIndexPermissions = array(); + + /** * Construct the CommentManager object. * * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager @@ -228,2 +235,36 @@ + /** + * {@inheritdoc} + */ + public function isIndexingAvailable(EntityInterface $entity, $field_name) { + $comment_type = $entity->{$field_name}->getSetting('comment_type'); + + if (array_key_exists($comment_type, $this->typesIndexPermissions)) { + return $this->typesIndexPermissions[$comment_type]; + } + + // Do not index in the following three cases: + // 1. 'Authenticated user' can search content but can't access comments. + // 2. 'Anonymous user' can search content but can't access comments. + // 3. Any role can search content but can't access comments and access + // comments is not granted by the 'authenticated user' role. In this case + // all users might have both permissions from various roles but it is also + // possible to set up a user to have only search content and so a user + // edit could change the security situation so it is not safe to index the + // comments. + $this->typesIndexPermissions[$comment_type] = TRUE; + $roles = $this->entityManager->getStorage('user_role')->loadMultiple(); + $authenticated_can_access = $roles[RoleInterface::AUTHENTICATED_ID]->hasPermission('access comments ' . $comment_type); + foreach ($roles as $rid => $role) { + if ($role->hasPermission('search content') && !$role->hasPermission('access comments ' . $comment_type)) { + if ($rid == RoleInterface::AUTHENTICATED_ID || $rid == RoleInterface::ANONYMOUS_ID || !$authenticated_can_access) { + $this->typesIndexPermissions[$comment_type] = FALSE; + break; + } + } + } + + return $this->typesIndexPermissions[$comment_type]; + } + } only in patch2: unchanged: --- a/core/modules/comment/src/CommentManagerInterface.php +++ b/core/modules/comment/src/CommentManagerInterface.php @@ -77,4 +77,17 @@ public function forbiddenMessage(EntityInterface $entity, $field_name); */ public function getCountNewComments(EntityInterface $entity, $field_name = NULL, $timestamp = 0); + /** + * Check is comments indexing available for requested entity field. + * + * @param \Drupal\Core\Entity\EntityInterface $entity + * Entity object to check. + * @param string $field_name + * Field machine name. + * + * @return bool + * Result of check. + */ + public function isIndexingAvailable(EntityInterface $entity, $field_name); + }