
Add a function to directly check if a user has access to a taxonomy term

Merged federico prato requested to merge issue/access_by_taxonomy-3465983:1.0.x into 1.0.x
Files
4
@@ -9,7 +9,9 @@ use Drupal\Core\Entity\EntityFieldManagerInterface;
use Drupal\Core\Entity\EntityStorageException;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Logger\LoggerChannelInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\field\Entity\FieldConfig;
use Drupal\taxonomy\Entity\Term;
/**
* Class AccessByTaxonomyService.
@@ -26,6 +28,7 @@ final class AccessByTaxonomyService {
private readonly EntityTypeManagerInterface $entityTypeManager,
private readonly LoggerChannelInterface $loggerChannelAccessByTaxonomy,
private readonly Connection $connection,
private readonly AccountInterface $account,
) {}
/**
@@ -74,6 +77,65 @@ final class AccessByTaxonomyService {
}
}
/**
* Checks access to a term.
*
* @param int $tid
* The taxonomy term ID to check for.
* @param \Drupal\Core\Session\AccountInterface|null $account
* The optional account. If not passed, the current user is used.
*
* @return bool
* Whether the user has access to the term.
*/
public function canUserAccessTerm(int $tid, ?AccountInterface $account = NULL): bool {
// If the account is not passed, use the currently logged-in user.
if (!isset($account)) {
$account = $this->account;
}
$term = Term::load($tid);
if (!$term) {
return FALSE;
}
$allowed_roles = $term->get('field_allowed_roles')->getValue();
$result = TRUE;
if ($account->hasPermission('bypass node access')) {
return $result;
}
// In case the term has specified roles, check if the user has any of them.
if ($allowed_roles) {
$result = FALSE;
$user_roles = $account->getRoles();
$allowed_roles_simplified = [];
foreach ($allowed_roles as $role) {
$allowed_roles_simplified[] = $role['target_id'];
}
foreach ($user_roles as $role) {
if (in_array($role, $allowed_roles_simplified)) {
return TRUE;
}
}
}
// User has not been allowed by roles, check if in the allowed users list.
$allowed_users = $term->get('field_allowed_users')->getValue();
if ($allowed_users) {
$result = FALSE;
$allowed_users_simplified = [];
foreach ($allowed_users as $user) {
$allowed_users_simplified[] = $user['target_id'];
}
if (in_array($account->id(), $allowed_users_simplified)) {
$result = TRUE;
}
}
return $result;
}
/**
* Adds a field to a vocabulary.
*/
@@ -107,24 +169,33 @@ final class AccessByTaxonomyService {
$entity_form_display_storage = $this->entityTypeManager->getStorage('entity_form_display');
// Set the form display.
// Try to load the existing form display for the taxonomy term bundle:
$form_display = $entity_form_display_storage->load('taxonomy_term.' . $vocabulary . '.default');
if ($form_display) {
if ($field_name == 'field_allowed_users') {
$form_display->setComponent($field_name, [
'type' => 'entity_reference_autocomplete',
]);
}
else {
$form_display->setComponent($field_name, [
'type' => 'options_buttons',
]);
}
try {
$form_display->save();
}
catch (EntityStorageException $e) {
$this->loggerChannelAccessByTaxonomy->error($e->getMessage());
}
if (!$form_display) {
// If the form display does not exist, create it:
$form_display = $entity_form_display_storage->create([
'targetEntityType' => 'taxonomy_term',
'bundle' => $vocabulary,
'mode' => 'default',
'status' => TRUE,
]);
}
if ($field_name == 'field_allowed_users') {
$form_display->setComponent($field_name, [
'type' => 'entity_reference_autocomplete',
]);
}
else {
$form_display->setComponent($field_name, [
'type' => 'options_buttons',
]);
}
try {
$form_display->save();
}
catch (EntityStorageException $e) {
$this->loggerChannelAccessByTaxonomy->error($e->getMessage());
}
// Set the view display.
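Review bot: In `canUserAccessTerm()`, `$term->get('field_allowed_roles')` and `$term->get('field_allowed_users')` are called without checking that the term's vocabulary carries those fields, and `get()` throws `InvalidArgumentException` for an unknown field, so a term from a vocabulary that was never configured turns an access check into an uncaught exception. A guard such as `if (!$term->hasField('field_allowed_roles') || !$term->hasField('field_allowed_users')) { return TRUE; }` would make the unrestricted case explicit; whether unconfigured terms should be open or closed is a decision the docblock should state. The method also returns a bare `bool`, so any caller that feeds it into an entity access hook has to add the `user.roles` and `user` cache contexts and the term's cache tags itself, otherwise a cached decision could be served to a different account; the call sites are not visible here, so this needs confirming. Both `in_array()` calls compare loosely: `in_array($role, $allowed_roles_simplified, TRUE)` is safe for role IDs, while the user-ID check needs both sides cast to the same type before a strict comparison.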