Add domain_unpublished grants so that users can make updates or deletions...

Add domain_unpublished grants so that users can make updates or deletions given that they have the correct permissions

Closes #3284795

domain_access/domain_access.module

@@ -15,6 +15,7 @@ use Drupal\Core\Session\AccountInterface;
 use Drupal\domain\DomainInterface;
 use Drupal\domain_access\DomainAccessManager;
 use Drupal\domain_access\DomainAccessManagerInterface;
+use Drupal\node\Entity\NodeType;
 use Drupal\node\NodeInterface;
 
 /**
@@ -52,14 +53,38 @@ function domain_access_node_grants(AccountInterface $account, $op) {
       }
     }
   }
-  elseif ($op === 'update' && $user->hasPermission('edit domain content')) {
-    if ($user->hasPermission('publish to any domain') || in_array($id, $user_domains, TRUE) || $user_in_all) {
-      $grants['domain_id'][] = $id;
+  elseif ($op === 'update') {
+    if ($user->hasPermission('edit domain content')) {
+      if ($user->hasPermission('publish to any domain') || in_array($id, $user_domains) || !empty($user->get(DomainAccessManagerInterface::DOMAIN_ACCESS_ALL_FIELD)->value)) {
+        $grants['domain_id'][] = $id;
+        $grants['domain_unpublished'][] = $id;
+      }
+    }
+    elseif (in_array($id, $user_domains) || !empty($user->get(DomainAccessManagerInterface::DOMAIN_ACCESS_ALL_FIELD)->value)) {
+      /* @see \Drupal\domain_access\DomainAccessPermissions::nodePermissions() */
+      foreach (array_keys(NodeType::loadMultiple()) as $type_id) {
+        if ($user->hasPermission("update {$type_id} content on assigned domains")) {
+          $grants['domain_id'][] = $id;
+          $grants['domain_unpublished'][] = $id;
+        }
+      }
     }
   }
-  elseif ($op === 'delete' && $user->hasPermission('delete domain content')) {
-    if ($user->hasPermission('publish to any domain') || in_array($id, $user_domains, TRUE) || $user_in_all) {
-      $grants['domain_id'][] = $id;
+  elseif ($op === 'delete') {
+    if ($user->hasPermission('delete domain content')) {
+      if ($user->hasPermission('publish to any domain') || in_array($id, $user_domains) || !empty($user->get(DomainAccessManagerInterface::DOMAIN_ACCESS_ALL_FIELD)->value)) {
+        $grants['domain_id'][] = $id;
+        $grants['domain_unpublished'][] = $id;
+      }
+    }
+    elseif (in_array($id, $user_domains) || !empty($user->get(DomainAccessManagerInterface::DOMAIN_ACCESS_ALL_FIELD)->value)) {
+      /* @see \Drupal\domain_access\DomainAccessPermissions::nodePermissions() */
+      foreach (array_keys(NodeType::loadMultiple()) as $type_id) {
+        if ($user->hasPermission("delete {$type_id} content on assigned domains")) {
+          $grants['domain_id'][] = $id;
+          $grants['domain_unpublished'][] = $id;
+        }
+      }
     }
   }
   return $grants;