Skip to content

Commit

Permalink
Merge pull request #63 from OS2Forms/f/permissions_by_term_node_access
Browse files Browse the repository at this point in the history 
os2forms_permissions_by_term: removing node access control
  • Loading branch information
@stankut
stankut authored Oct 2, 2023
2 parents 14deaec + 7e5a35f commit 77676fe
Show file tree
Hide file tree
Showing 3 changed files with 1 addition and 169 deletions.
2 changes: 1 addition & 1 deletion modules/os2forms_permissions_by_term/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Alternative change your site configuration on admin/permissions-by-term/settings
be thoroughly tested.

## Usage
- The user affiliation taxonomy is added to webform config form, nodes (of type webform) and Maestro workflow forms.
- The user affiliation taxonomy is added to webform config form and Maestro workflow forms.
- The Permissions by Term module adds a form element to the user form.
- When a user visits an entity of the above mentioned this module checks for match between the entity and the users
affiliation. If no match is found access is denied.
Expand Down
28 changes: 0 additions & 28 deletions modules/os2forms_permissions_by_term/os2forms_permissions_by_term.module
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
use Drupal\Core\Config\Entity\ConfigEntityInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\node\NodeInterface;
use Drupal\os2forms_permissions_by_term\Form\SettingsForm;
use Drupal\views\Plugin\views\query\QueryPluginBase;
use Drupal\views\ViewExecutable;
Expand Down Expand Up @@ -50,15 +49,6 @@ function os2forms_permissions_by_term_form_webform_settings_form_alter(array &$f
\Drupal::service('os2forms_permissions_by_term.helper')->webformAlter($form, $form_state, 'settings');
}

/**
* Implements hook_form_FORM_ID_alter().
*
* Alter the node add/edit form.
*/
function os2forms_permissions_by_term_form_node_form_alter(array &$form, FormStateInterface $form_state) {
\Drupal::service('os2forms_permissions_by_term.helper')->nodeFormAlter($form, $form_state);
}

/**
* Implements hook_ENTITY_TYPE_access() for webform entities.
*
Expand All @@ -68,15 +58,6 @@ function os2forms_permissions_by_term_webform_access(WebformInterface $webform,
return \Drupal::service('os2forms_permissions_by_term.helper')->webformAccess($webform, $operation, $account);
}

/**
* Implements hook_ENTITY_TYPE_access() for node entities.
*
* Allow/deny access to node.
*/
function os2forms_permissions_by_term_node_access(NodeInterface $node, $operation, AccountInterface $account) {
return \Drupal::service('os2forms_permissions_by_term.helper')->nodeAccess($node, $operation, $account);
}

/**
* Implements hook_form_FORM_ID_alter().
*
Expand Down Expand Up @@ -122,15 +103,6 @@ function os2forms_permissions_by_term_form_alter(array &$form, FormStateInterfac
\Drupal::service('os2forms_permissions_by_term.maestro_template_helper')->maestroFormAlter($form, $form_state, $form_id);
}

/**
* Implements hook_options_list_alter().
*
* Change options list field for node.field_os2forms_permissions.
*/
function os2forms_permissions_by_term_options_list_alter(array &$options, array $context) {
\Drupal::service('os2forms_permissions_by_term.helper')->optionsListAlter($options, $context);
}

/**
* Implements hook_views_query_alter().
*
Expand Down
140 changes: 0 additions & 140 deletions modules/os2forms_permissions_by_term/src/Helper/Helper.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,7 @@
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Session\AccountProxyInterface;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\Core\Url;
use Drupal\node\NodeInterface;
use Drupal\permissions_by_term\Service\AccessStorage;
use Drupal\user\Entity\User;
use Drupal\webform\WebformInterface;

/**
Expand Down Expand Up @@ -209,34 +206,6 @@ public function webformAccess(WebformInterface $webform, $operation, AccountInte
return AccessResult::neutral();
}

/**
* Implementation of hook_ENTITY_TYPE_access().
*
* Check access on node related operations.
*
* @param \Drupal\node\NodeInterface $node
* The node entity.
* @param string $operation
* The operation being performed on the node.
* @param \Drupal\Core\Session\AccountInterface $account
* The current user.
*
* @return mixed
* The resulting access permission.
*/
public function nodeAccess(NodeInterface $node, $operation, AccountInterface $account) {
if ('webform' === $node->bundle()) {
switch ($operation) {
case 'view':
// Deny access to node view if no permission by term is set.
$nodePermissionsByTerm = $node->field_os2forms_permissions->getValue();
return empty($nodePermissionsByTerm)
? AccessResult::forbidden()
: AccessResult::neutral();
}
}
}

/**
* Custom submit handler for webform add/edit form.
*
Expand All @@ -263,54 +232,6 @@ public function webformSubmit(array $form, FormStateInterface $form_state) {
$webform->save();
}

/**
* Implementation of hook_form_FORM_ID_alter().
*
* Add permission by term selection to node "add" and "edit".
*
* @param array $form
* The form being altered.
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The state of the form.
*
* @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
* @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
*/
public function nodeFormAlter(array &$form, FormStateInterface $form_state) {
/** @var \Drupal\Core\Entity\EntityForm $formObject */
$formObject = $form_state->getFormObject();
$nodeBundle = $formObject->getEntity()->bundle();
if (1 === (int) $this->account->id() || 'webform' !== $nodeBundle) {
return;
}

// Run custom submit handler before default node submission.
array_unshift(
$form['actions']['submit']['#submit'],
[$this, 'nodeWebformPermisisonsByTermSubmit']
);
$user = $this->entityTypeManager->getStorage('user')->load($this->account->id());
$userTerms = $this->accessStorage->getPermittedTids($user->id(), $user->getRoles());
$anonymousTerms = $this->accessStorage->getPermittedTids(0, ['anonymous']);
$webformReference = $form['webform']['widget'][0]['target_id']['#default_value'];
// If a webform is referenced from the node add message.
if ($webformReference) {
$url = URL::fromRoute('entity.webform.settings_access', ['webform' => $webformReference])->toString();
$form['field_os2forms_permissions']['widget'][0]['#prefix'] =
'<div class="alert alert-warning">' . $this->t('Anonymous access to view this content is set on <a href="@url">the related webform access page</a> . (Create submissions permission)', ['@url' => $url]) . '</div>';
}
// Disable anonymous terms. They should always be fetched from webform.
foreach ($anonymousTerms as $termId) {
$form['field_os2forms_permissions']['widget'][$termId]['#disabled'] = TRUE;
}

// Set access value automatically if user only has one term option.
if (1 === count($userTerms)) {
$form['field_os2forms_permissions']['widget']['#disabled'] = TRUE;
$form['field_os2forms_permissions']['widget']['#default_value'][] = $userTerms[0];
}
}

/**
* Implements hook_field_widget_multivalue_WIDGET_TYPE_form_alter().
*
Expand All @@ -330,67 +251,6 @@ public function fieldWidgetWebformEntityReferenceFormAlter(array &$elements) {
$elements[0]['target_id']['#options'] = $result;
}

/**
* Implements hook_options_list_alter().
*
* Change options list field for node.field_os2forms_permissions.
* Add anonymous option to allow the form to be displayed for anonymous users.
*
* @param array $options
* The options of the list.
* @param array $context
* The context of the options list.
*
* @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException
* @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
*/
public function optionsListAlter(array &$options, array $context) {
// Alter the field_os2forms_permissions options list.
if ('node.field_os2forms_permissions' !== $context['fieldDefinition']->getFieldStorageDefinition()->id()) {
return;
}
// Limit options to those available on user profile.
$options = [];
$user = $this->entityTypeManager->getStorage('user')->load($this->account->id());
$userTerms = $this->accessStorage->getPermittedTids($user->id(), $user->getRoles());
foreach ($userTerms as $userTerm) {
$term = $this->entityTypeManager->getStorage('taxonomy_term')->load($userTerm);
$options[$userTerm] = $term->label();
}
$anonymousTerms = $this->accessStorage->getPermittedTids(0, ['anonymous']);
foreach ($anonymousTerms as $termId) {
$term = $this->entityTypeManager->getStorage('taxonomy_term')->load($termId);
$label = $this->t('@term_label (Note: View permission only. This setting depends on the related webform.)', ['@term_label' => $term->label()]);
$options = [$termId => $label] + $options;
}
}

/**
* Custom submit handler for setting permissions by term on node.
*
* @param array $form
* The form that is being submitted.
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The state of the form being submitted.
*/
public function nodeWebformPermisisonsByTermSubmit(array $form, FormStateInterface $form_state) {
$webformReference = $form_state->getValue('webform');
$webformTarget = $webformReference['0']['target_id'] ?? NULL;
if (!$webformTarget) {
return;
}
$existingValues = $form_state->getValue('field_os2forms_permissions');
$anonymousTerms = $this->accessStorage->getPermittedTids(0, ['anonymous']);
$anonymousUser = User::getAnonymousUser();
$referencedWebform = $this->entityTypeManager->getStorage('webform')->load($webformTarget);
foreach ($anonymousTerms as $termId) {
if ($referencedWebform->access('submission_create', $anonymousUser)) {
$existingValues[] = ['target_id' => $termId];
}
}
$form_state->setValue('field_os2forms_permissions', $existingValues);
}

/**
* Add to the private variable webformSelectOptions.
*
Expand Down

0 comments on commit 77676fe

Please sign in to comment.