Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

os2forms_permissions_by_term: removing node access control #63

Merged
merged 1 commit into from
Oct 2, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion modules/os2forms_permissions_by_term/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Alternative change your site configuration on admin/permissions-by-term/settings
be thoroughly tested.

## Usage
- The user affiliation taxonomy is added to webform config form, nodes (of type webform) and Maestro workflow forms.
- The user affiliation taxonomy is added to webform config form and Maestro workflow forms.
- The Permissions by Term module adds a form element to the user form.
- When a user visits an entity of the above mentioned this module checks for match between the entity and the users
affiliation. If no match is found access is denied.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
use Drupal\Core\Config\Entity\ConfigEntityInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\node\NodeInterface;
use Drupal\os2forms_permissions_by_term\Form\SettingsForm;
use Drupal\views\Plugin\views\query\QueryPluginBase;
use Drupal\views\ViewExecutable;
Expand Down Expand Up @@ -50,15 +49,6 @@ function os2forms_permissions_by_term_form_webform_settings_form_alter(array &$f
\Drupal::service('os2forms_permissions_by_term.helper')->webformAlter($form, $form_state, 'settings');
}

/**
* Implements hook_form_FORM_ID_alter().
*
* Alter the node add/edit form.
*/
function os2forms_permissions_by_term_form_node_form_alter(array &$form, FormStateInterface $form_state) {
\Drupal::service('os2forms_permissions_by_term.helper')->nodeFormAlter($form, $form_state);
}

/**
* Implements hook_ENTITY_TYPE_access() for webform entities.
*
Expand All @@ -68,15 +58,6 @@ function os2forms_permissions_by_term_webform_access(WebformInterface $webform,
return \Drupal::service('os2forms_permissions_by_term.helper')->webformAccess($webform, $operation, $account);
}

/**
* Implements hook_ENTITY_TYPE_access() for node entities.
*
* Allow/deny access to node.
*/
function os2forms_permissions_by_term_node_access(NodeInterface $node, $operation, AccountInterface $account) {
return \Drupal::service('os2forms_permissions_by_term.helper')->nodeAccess($node, $operation, $account);
}

/**
* Implements hook_form_FORM_ID_alter().
*
Expand Down Expand Up @@ -122,15 +103,6 @@ function os2forms_permissions_by_term_form_alter(array &$form, FormStateInterfac
\Drupal::service('os2forms_permissions_by_term.maestro_template_helper')->maestroFormAlter($form, $form_state, $form_id);
}

/**
* Implements hook_options_list_alter().
*
* Change options list field for node.field_os2forms_permissions.
*/
function os2forms_permissions_by_term_options_list_alter(array &$options, array $context) {
\Drupal::service('os2forms_permissions_by_term.helper')->optionsListAlter($options, $context);
}

/**
* Implements hook_views_query_alter().
*
Expand Down
140 changes: 0 additions & 140 deletions modules/os2forms_permissions_by_term/src/Helper/Helper.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,7 @@
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Session\AccountProxyInterface;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\Core\Url;
use Drupal\node\NodeInterface;
use Drupal\permissions_by_term\Service\AccessStorage;
use Drupal\user\Entity\User;
use Drupal\webform\WebformInterface;

/**
Expand Down Expand Up @@ -209,34 +206,6 @@ public function webformAccess(WebformInterface $webform, $operation, AccountInte
return AccessResult::neutral();
}

/**
* Implementation of hook_ENTITY_TYPE_access().
*
* Check access on node related operations.
*
* @param \Drupal\node\NodeInterface $node
* The node entity.
* @param string $operation
* The operation being performed on the node.
* @param \Drupal\Core\Session\AccountInterface $account
* The current user.
*
* @return mixed
* The resulting access permission.
*/
public function nodeAccess(NodeInterface $node, $operation, AccountInterface $account) {
if ('webform' === $node->bundle()) {
switch ($operation) {
case 'view':
// Deny access to node view if no permission by term is set.
$nodePermissionsByTerm = $node->field_os2forms_permissions->getValue();
return empty($nodePermissionsByTerm)
? AccessResult::forbidden()
: AccessResult::neutral();
}
}
}

/**
* Custom submit handler for webform add/edit form.
*
Expand All @@ -263,54 +232,6 @@ public function webformSubmit(array $form, FormStateInterface $form_state) {
$webform->save();
}

/**
* Implementation of hook_form_FORM_ID_alter().
*
* Add permission by term selection to node "add" and "edit".
*
* @param array $form
* The form being altered.
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The state of the form.
*
* @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
* @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
*/
public function nodeFormAlter(array &$form, FormStateInterface $form_state) {
/** @var \Drupal\Core\Entity\EntityForm $formObject */
$formObject = $form_state->getFormObject();
$nodeBundle = $formObject->getEntity()->bundle();
if (1 === (int) $this->account->id() || 'webform' !== $nodeBundle) {
return;
}

// Run custom submit handler before default node submission.
array_unshift(
$form['actions']['submit']['#submit'],
[$this, 'nodeWebformPermisisonsByTermSubmit']
);
$user = $this->entityTypeManager->getStorage('user')->load($this->account->id());
$userTerms = $this->accessStorage->getPermittedTids($user->id(), $user->getRoles());
$anonymousTerms = $this->accessStorage->getPermittedTids(0, ['anonymous']);
$webformReference = $form['webform']['widget'][0]['target_id']['#default_value'];
// If a webform is referenced from the node add message.
if ($webformReference) {
$url = URL::fromRoute('entity.webform.settings_access', ['webform' => $webformReference])->toString();
$form['field_os2forms_permissions']['widget'][0]['#prefix'] =
'<div class="alert alert-warning">' . $this->t('Anonymous access to view this content is set on <a href="@url">the related webform access page</a> . (Create submissions permission)', ['@url' => $url]) . '</div>';
}
// Disable anonymous terms. They should always be fetched from webform.
foreach ($anonymousTerms as $termId) {
$form['field_os2forms_permissions']['widget'][$termId]['#disabled'] = TRUE;
}

// Set access value automatically if user only has one term option.
if (1 === count($userTerms)) {
$form['field_os2forms_permissions']['widget']['#disabled'] = TRUE;
$form['field_os2forms_permissions']['widget']['#default_value'][] = $userTerms[0];
}
}

/**
* Implements hook_field_widget_multivalue_WIDGET_TYPE_form_alter().
*
Expand All @@ -330,67 +251,6 @@ public function fieldWidgetWebformEntityReferenceFormAlter(array &$elements) {
$elements[0]['target_id']['#options'] = $result;
}

/**
* Implements hook_options_list_alter().
*
* Change options list field for node.field_os2forms_permissions.
* Add anonymous option to allow the form to be displayed for anonymous users.
*
* @param array $options
* The options of the list.
* @param array $context
* The context of the options list.
*
* @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
* @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
*/
public function optionsListAlter(array &$options, array $context) {
// Alter the field_os2forms_permissions options list.
if ('node.field_os2forms_permissions' !== $context['fieldDefinition']->getFieldStorageDefinition()->id()) {
return;
}
// Limit options to those available on user profile.
$options = [];
$user = $this->entityTypeManager->getStorage('user')->load($this->account->id());
$userTerms = $this->accessStorage->getPermittedTids($user->id(), $user->getRoles());
foreach ($userTerms as $userTerm) {
$term = $this->entityTypeManager->getStorage('taxonomy_term')->load($userTerm);
$options[$userTerm] = $term->label();
}
$anonymousTerms = $this->accessStorage->getPermittedTids(0, ['anonymous']);
foreach ($anonymousTerms as $termId) {
$term = $this->entityTypeManager->getStorage('taxonomy_term')->load($termId);
$label = $this->t('@term_label (Note: View permission only. This setting depends on the related webform.)', ['@term_label' => $term->label()]);
$options = [$termId => $label] + $options;
}
}

/**
* Custom submit handler for setting permissions by term on node.
*
* @param array $form
* The form that is being submitted.
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The state of the form being submitted.
*/
public function nodeWebformPermisisonsByTermSubmit(array $form, FormStateInterface $form_state) {
$webformReference = $form_state->getValue('webform');
$webformTarget = $webformReference['0']['target_id'] ?? NULL;
if (!$webformTarget) {
return;
}
$existingValues = $form_state->getValue('field_os2forms_permissions');
$anonymousTerms = $this->accessStorage->getPermittedTids(0, ['anonymous']);
$anonymousUser = User::getAnonymousUser();
$referencedWebform = $this->entityTypeManager->getStorage('webform')->load($webformTarget);
foreach ($anonymousTerms as $termId) {
if ($referencedWebform->access('submission_create', $anonymousUser)) {
$existingValues[] = ['target_id' => $termId];
}
}
$form_state->setValue('field_os2forms_permissions', $existingValues);
}

/**
* Add to the private variable webformSelectOptions.
*
Expand Down