node.api.php 20.1 KB
Newer Older
1 2
<?php

3
use Drupal\node\NodeInterface;
4
use Drupal\Component\Utility\Html;
5
use Drupal\Component\Utility\Xss;
6
use Drupal\Core\Access\AccessResult;
7

8 9
/**
 * @file
10
 * Hooks specific to the Node module.
11 12
 */

13 14 15 16 17 18 19 20
/**
 * @addtogroup hooks
 * @{
 */

/**
 * Inform the node access system what permissions the user has.
 *
21 22 23 24
 * This hook is for implementation by node access modules. In this hook,
 * the module grants a user different "grant IDs" within one or more
 * "realms". In hook_node_access_records(), the realms and grant IDs are
 * associated with permission to view, edit, and delete individual nodes.
25
 *
26
 * The realms and grant IDs can be arbitrarily defined by your node access
27 28 29 30
 * module; it is common to use role IDs as grant IDs, but that is not required.
 * Your module could instead maintain its own list of users, where each list has
 * an ID. In that case, the return value of this hook would be an array of the
 * list IDs that this user is a member of.
31
 *
32 33 34 35 36
 * A node access module may implement as many realms as necessary to properly
 * define the access privileges for the nodes. Note that the system makes no
 * distinction between published and unpublished nodes. It is the module's
 * responsibility to provide appropriate realms to limit access to unpublished
 * content.
37
 *
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
 * Node access records are stored in the {node_access} table and define which
 * grants are required to access a node. There is a special case for the view
 * operation -- a record with node ID 0 corresponds to a "view all" grant for
 * the realm and grant ID of that record. If there are no node access modules
 * enabled, the core node module adds a node ID 0 record for realm 'all'. Node
 * access modules can also grant "view all" permission on their custom realms;
 * for example, a module could create a record in {node_access} with:
 * @code
 * $record = array(
 *   'nid' => 0,
 *   'gid' => 888,
 *   'realm' => 'example_realm',
 *   'grant_view' => 1,
 *   'grant_update' => 0,
 *   'grant_delete' => 0,
 * );
54
 * db_insert('node_access')->fields($record)->execute();
55 56 57 58 59 60 61 62 63 64 65 66
 * @endcode
 * And then in its hook_node_grants() implementation, it would need to return:
 * @code
 * if ($op == 'view') {
 *   $grants['example_realm'] = array(888);
 * }
 * @endcode
 * If you decide to do this, be aware that the node_access_rebuild() function
 * will erase any node ID 0 entry when it is called, so you will need to make
 * sure to restore your {node_access} record after node_access_rebuild() is
 * called.
 *
67
 * @param \Drupal\Core\Session\AccountInterface $account
68
 *   The account object whose grants are requested.
69
 * @param string $op
70
 *   The node operation to be performed, such as 'view', 'update', or 'delete'.
71
 *
72
 * @return array
73 74
 *   An array whose keys are "realms" of grants, and whose values are arrays of
 *   the grant IDs within this realm that this user is being granted.
75 76 77
 *
 * For a detailed example, see node_access_example.module.
 *
78 79
 * @see node_access_view_all_nodes()
 * @see node_access_rebuild()
80 81
 * @ingroup node_access
 */
82
function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
83
  if ($account->hasPermission('access private content')) {
84 85
    $grants['example'] = array(1);
  }
86 87 88
  if ($account->id()) {
    $grants['example_author'] = array($account->id());
  }
89 90 91 92 93 94
  return $grants;
}

/**
 * Set permissions for a node to be written to the database.
 *
95 96 97
 * When a node is saved, a module implementing hook_node_access_records() will
 * be asked if it is interested in the access permissions for a node. If it is
 * interested, it must respond with an array of permissions arrays for that
98 99
 * node.
 *
100 101 102 103 104 105
 * Node access grants apply regardless of the published or unpublished status
 * of the node. Implementations must make sure not to grant access to
 * unpublished nodes if they don't want to change the standard access control
 * behavior. Your module may need to create a separate access realm to handle
 * access to unpublished nodes.
 *
106 107 108
 * Note that the grant values in the return value from your hook must be
 * integers and not boolean TRUE and FALSE.
 *
109 110 111 112
 * Each permissions item in the array is an array with the following elements:
 * - 'realm': The name of a realm that the module has defined in
 *   hook_node_grants().
 * - 'gid': A 'grant ID' from hook_node_grants().
113
 * - 'grant_view': If set to 1 a user that has been identified as a member
114
 *   of this gid within this realm can view this node. This should usually be
115
 *   set to $node->isPublished(). Failure to do so may expose unpublished content
116
 *   to some users.
117
 * - 'grant_update': If set to 1 a user that has been identified as a member
118
 *   of this gid within this realm can edit this node.
119
 * - 'grant_delete': If set to 1 a user that has been identified as a member
120
 *   of this gid within this realm can delete this node.
121 122 123 124 125 126 127 128
 * - langcode: (optional) The language code of a specific translation of the
 *   node, if any. Modules may add this key to grant different access to
 *   different translations of a node, such that (e.g.) a particular group is
 *   granted access to edit the Catalan version of the node, but not the
 *   Hungarian version. If no value is provided, the langcode is set
 *   automatically from the $node parameter and the node's original language (if
 *   specified) is used as a fallback. Only specify multiple grant records with
 *   different languages for a node if the site has those languages configured.
129
 *
130 131
 * A "deny all" grant may be used to deny all access to a particular node or
 * node translation:
132 133 134 135 136 137 138
 * @code
 * $grants[] = array(
 *   'realm' => 'all',
 *   'gid' => 0,
 *   'grant_view' => 0,
 *   'grant_update' => 0,
 *   'grant_delete' => 0,
139
 *   'langcode' => 'ca',
140 141
 * );
 * @endcode
142 143 144 145 146
 * Note that another module node access module could override this by granting
 * access to one or more nodes, since grants are additive. To enforce that
 * access is denied in a particular case, use hook_node_access_records_alter().
 * Also note that a deny all is not written to the database; denies are
 * implicit.
147
 *
148
 * @param \Drupal\node\NodeInterface $node
149 150 151 152 153
 *   The node that has just been saved.
 *
 * @return
 *   An array of grants as defined above.
 *
154
 * @see hook_node_access_records_alter()
155 156
 * @ingroup node_access
 */
157
function hook_node_access_records(\Drupal\node\NodeInterface $node) {
158
  // We only care about the node if it has been marked private. If not, it is
159
  // treated just like any other node and we completely ignore it.
160
  if ($node->private->value) {
161
    $grants = array();
162
    // Only published Catalan translations of private nodes should be viewable
163
    // to all users. If we fail to check $node->isPublished(), all users would be able
164
    // to view an unpublished node.
165
    if ($node->isPublished()) {
166 167 168 169 170 171
      $grants[] = array(
        'realm' => 'example',
        'gid' => 1,
        'grant_view' => 1,
        'grant_update' => 0,
        'grant_delete' => 0,
172
        'langcode' => 'ca'
173 174
      );
    }
175
    // For the example_author array, the GID is equivalent to a UID, which
176 177 178
    // means there are many groups of just 1 user.
    // Note that an author can always view his or her nodes, even if they
    // have status unpublished.
179 180 181 182 183 184 185 186 187 188
    if ($node->getOwnerId()) {
      $grants[] = array(
        'realm' => 'example_author',
        'gid' => $node->getOwnerId(),
        'grant_view' => 1,
        'grant_update' => 1,
        'grant_delete' => 1,
        'langcode' => 'ca'
      );
    }
189

190 191 192 193
    return $grants;
  }
}

194 195 196 197 198 199 200 201 202 203 204 205 206 207 208
/**
 * Alter permissions for a node before it is written to the database.
 *
 * Node access modules establish rules for user access to content. Node access
 * records are stored in the {node_access} table and define which permissions
 * are required to access a node. This hook is invoked after node access modules
 * returned their requirements via hook_node_access_records(); doing so allows
 * modules to modify the $grants array by reference before it is stored, so
 * custom or advanced business logic can be applied.
 *
 * Upon viewing, editing or deleting a node, hook_node_grants() builds a
 * permissions array that is compared against the stored access records. The
 * user must have one or more matching permissions in order to complete the
 * requested operation.
 *
209 210
 * A module may deny all access to a node by setting $grants to an empty array.
 *
211
 * @param array $grants
212
 *   The $grants array returned by hook_node_access_records().
213
 * @param \Drupal\node\NodeInterface $node
214 215 216
 *   The node for which the grants were acquired.
 *
 * The preferred use of this hook is in a module that bridges multiple node
217 218
 * access modules with a configurable behavior, as shown in the example with the
 * 'is_preview' field.
219
 *
220 221 222
 * @see hook_node_access_records()
 * @see hook_node_grants()
 * @see hook_node_grants_alter()
223 224
 * @ingroup node_access
 */
225
function hook_node_access_records_alter(&$grants, Drupal\node\NodeInterface $node) {
226 227 228 229 230 231 232 233 234
  // Our module allows editors to mark specific articles with the 'is_preview'
  // field. If the node being saved has a TRUE value for that field, then only
  // our grants are retained, and other grants are removed. Doing so ensures
  // that our rules are enforced no matter what priority other grants are given.
  if ($node->is_preview) {
    // Our module grants are set in $grants['example'].
    $temp = $grants['example'];
    // Now remove all module grants but our own.
    $grants = array('example' => $temp);
235 236 237 238 239 240 241
  }
}

/**
 * Alter user access rules when trying to view, edit or delete a node.
 *
 * Node access modules establish rules for user access to content.
242 243 244 245 246
 * hook_node_grants() defines permissions for a user to view, edit or delete
 * nodes by building a $grants array that indicates the permissions assigned to
 * the user by each node access module. This hook is called to allow modules to
 * modify the $grants array by reference, so the interaction of multiple node
 * access modules can be altered or advanced business logic can be applied.
247 248 249 250
 *
 * The resulting grants are then checked against the records stored in the
 * {node_access} table to determine if the operation may be completed.
 *
251 252
 * A module may deny all access to a user by setting $grants to an empty array.
 *
253 254
 * Developers may use this hook to either add additional grants to a user or to
 * remove existing grants. These rules are typically based on either the
255 256
 * permissions assigned to a user role, or specific attributes of a user
 * account.
257
 *
258
 * @param array $grants
259
 *   The $grants array returned by hook_node_grants().
260 261 262
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account requesting access to content.
 * @param string $op
263 264
 *   The operation being performed, 'view', 'update' or 'delete'.
 *
265 266 267
 * @see hook_node_grants()
 * @see hook_node_access_records()
 * @see hook_node_access_records_alter()
268 269
 * @ingroup node_access
 */
270
function hook_node_grants_alter(&$grants, \Drupal\Core\Session\AccountInterface $account, $op) {
271 272 273 274 275 276
  // Our sample module never allows certain roles to edit or delete
  // content. Since some other node access modules might allow this
  // permission, we expressly remove it by returning an empty $grants
  // array for roles specified in our variable setting.

  // Get our list of banned roles.
277
  $restricted = \Drupal::config('example.settings')->get('restricted_roles');
278

279 280
  if ($op != 'view' && !empty($restricted)) {
    // Now check the roles for this account against the restrictions.
281
    foreach ($account->getRoles() as $rid) {
282
      if (in_array($rid, $restricted)) {
283 284 285 286 287 288
        $grants = array();
      }
    }
  }
}

289
/**
290
 * Controls access to a node.
291 292 293 294
 *
 * Modules may implement this hook if they want to have a say in whether or not
 * a given user has access to perform a given operation on a node.
 *
295 296
 * The administrative account (user ID #1) always passes any access check, so
 * this hook is not called in that case. Users with the "bypass node access"
297 298 299
 * permission may always view and edit content through the administrative
 * interface.
 *
300
 * Note that not all modules will want to influence access on all node types. If
301 302 303 304
 * your module does not want to explicitly allow or forbid access, return an
 * AccessResultInterface object with neither isAllowed() nor isForbidden()
 * equaling TRUE. Blindly returning an object with isForbidden() equaling TRUE
 * will break other node access modules.
305
 *
306 307 308 309
 * Also note that this function isn't called for node listings (e.g., RSS feeds,
 * the default home page at path 'node', a recent content block, etc.) See
 * @link node_access Node access rights @endlink for a full explanation.
 *
310
 * @param \Drupal\node\NodeInterface|string $node
311
 *   Either a node entity or the machine name of the content type on which to
312
 *   perform the access check.
313
 * @param string $op
314 315 316 317 318
 *   The operation to be performed. Possible values:
 *   - "create"
 *   - "delete"
 *   - "update"
 *   - "view"
319
 * @param \Drupal\Core\Session\AccountInterface $account
320
 *   The user object to perform the access check operation on.
321
 *
322 323
 * @return \Drupal\Core\Access\AccessResultInterface
 *    The access result.
324 325
 *
 * @ingroup node_access
326
 */
327
function hook_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account) {
328
  $type = $node->bundle();
329

330 331 332
  switch ($op) {
    case 'create':
      return AccessResult::allowedIfHasPermission($account, 'create ' . $type . ' content');
333

334 335
    case 'update':
      if ($account->hasPermission('edit any ' . $type . ' content', $account)) {
336
        return AccessResult::allowed()->cachePerPermissions();
337 338
      }
      else {
339
        return AccessResult::allowedIf($account->hasPermission('edit own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($node);
340
      }
341

342 343
    case 'delete':
      if ($account->hasPermission('delete any ' . $type . ' content', $account)) {
344
        return AccessResult::allowed()->cachePerPermissions();
345 346
      }
      else {
347
        return AccessResult::allowedIf($account->hasPermission('delete own ' . $type . ' content', $account) && ($account->id() == $node->getOwnerId()))->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($node);
348
      }
349

350 351
    default:
      // No opinion.
352
      return AccessResult::neutral();
353
  }
354 355
}

356
/**
357
 * Act on a node being displayed as a search result.
358
 *
359 360
 * This hook is invoked from the node search plugin during search execution,
 * after loading and rendering the node.
361
 *
362
 * @param \Drupal\node\NodeInterface $node
363 364
 *   The node being displayed in a search result.
 *
365 366
 * @return array
 *   Extra information to be displayed with search result. This information
367 368 369
 *   should be presented as an associative array. It will be concatenated with
 *   the post information (last updated, author) in the default search result
 *   theming.
370 371
 *
 * @see template_preprocess_search_result()
372
 * @see search-result.html.twig
373
 *
374
 * @ingroup entity_crud
375
 */
376
function hook_node_search_result(\Drupal\node\NodeInterface $node) {
377
  $rating = db_query('SELECT SUM(points) FROM {my_rating} WHERE nid = :nid', array('nid' => $node->id()))->fetchField();
378
  return array('rating' => \Drupal::translation()->formatPlural($rating, '1 point', '@count points'));
379 380 381
}

/**
382
 * Act on a node being indexed for searching.
383
 *
384 385
 * This hook is invoked during search indexing, after loading, and after the
 * result of rendering is added as $node->rendered to the node object.
386
 *
387
 * @param \Drupal\node\NodeInterface $node
388 389
 *   The node being indexed.
 *
390 391
 * @return string
 *   Additional node information to be indexed.
392
 *
393
 * @ingroup entity_crud
394
 */
395
function hook_node_update_index(\Drupal\node\NodeInterface $node) {
396
  $text = '';
397 398
  $ratings = db_query('SELECT title, description FROM {my_ratings} WHERE nid = :nid', array(':nid' => $node->id()));
  foreach ($ratings as $rating) {
399
    $text .= '<h2>' . Html::escape($rating->title) . '</h2>' . Xss::filter($rating->description);
400 401 402 403
  }
  return $text;
}

404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424
/**
 * Provide additional methods of scoring for core search results for nodes.
 *
 * A node's search score is used to rank it among other nodes matched by the
 * search, with the highest-ranked nodes appearing first in the search listing.
 *
 * For example, a module allowing users to vote on content could expose an
 * option to allow search results' rankings to be influenced by the average
 * voting score of a node.
 *
 * All scoring mechanisms are provided as options to site administrators, and
 * may be tweaked based on individual sites or disabled altogether if they do
 * not make sense. Individual scoring mechanisms, if enabled, are assigned a
 * weight from 1 to 10. The weight represents the factor of magnification of
 * the ranking mechanism, with higher-weighted ranking mechanisms having more
 * influence. In order for the weight system to work, each scoring mechanism
 * must return a value between 0 and 1 for every node. That value is then
 * multiplied by the administrator-assigned weight for the ranking mechanism,
 * and then the weighted scores from all ranking mechanisms are added, which
 * brings about the same result as a weighted average.
 *
425
 * @return array
426 427 428 429
 *   An associative array of ranking data. The keys should be strings,
 *   corresponding to the internal name of the ranking mechanism, such as
 *   'recent', or 'comments'. The values should be arrays themselves, with the
 *   following keys available:
430
 *   - title: (required) The human readable name of the ranking mechanism.
431
 *   - join: (optional) An array with information to join any additional
432 433 434 435 436 437 438 439
 *     necessary table. This is not necessary if the table required is already
 *     joined to by the base query, such as for the {node} table. Other tables
 *     should use the full table name as an alias to avoid naming collisions.
 *   - score: (required) The part of a query string to calculate the score for
 *     the ranking mechanism based on values in the database. This does not need
 *     to be wrapped in parentheses, as it will be done automatically; it also
 *     does not need to take the weighted system into account, as it will be
 *     done automatically. It does, however, need to calculate a decimal between
440
 *     0 and 1; be careful not to cast the entire score to an integer by
441 442 443
 *     inadvertently introducing a variable argument.
 *   - arguments: (optional) If any arguments are required for the score, they
 *     can be specified in an array here.
444
 *
445
 * @ingroup entity_crud
446 447 448
 */
function hook_ranking() {
  // If voting is disabled, we can avoid returning the array, no hard feelings.
449
  if (\Drupal::config('vote.settings')->get('node_enabled')) {
450 451 452 453 454
    return array(
      'vote_average' => array(
        'title' => t('Average vote'),
        // Note that we use i.sid, the search index's search item id, rather than
        // n.nid.
455 456 457 458 459 460
        'join' => array(
          'type' => 'LEFT',
          'table' => 'vote_node_data',
          'alias' => 'vote_node_data',
          'on' => 'vote_node_data.nid = i.sid',
        ),
461 462 463 464
        // The highest possible score should be 1, and the lowest possible score,
        // always 0, should be 0.
        'score' => 'vote_node_data.average / CAST(%f AS DECIMAL)',
        // Pass in the highest possible voting score as a decimal argument.
465
        'arguments' => array(\Drupal::config('vote.settings')->get('score_max')),
466 467 468 469 470
      ),
    );
  }
}

471 472 473 474 475 476 477 478 479 480
/**
 * Alter the links of a node.
 *
 * @param array &$links
 *   A renderable array representing the node links.
 * @param \Drupal\node\NodeInterface $entity
 *   The node being rendered.
 * @param array &$context
 *   Various aspects of the context in which the node links are going to be
 *   displayed, with the following keys:
481 482
 *   - 'view_mode': the view mode in which the node is being viewed
 *   - 'langcode': the language in which the node is being viewed
483 484 485
 *
 * @see \Drupal\node\NodeViewBuilder::renderLinks()
 * @see \Drupal\node\NodeViewBuilder::buildLinks()
486
 * @see entity_crud
487 488 489 490 491 492 493 494 495 496 497 498 499 500 501
 */
function hook_node_links_alter(array &$links, NodeInterface $entity, array &$context) {
  $links['mymodule'] = array(
    '#theme' => 'links__node__mymodule',
    '#attributes' => array('class' => array('links', 'inline')),
    '#links' => array(
      'node-report' => array(
        'title' => t('Report'),
        'href' => "node/{$entity->id()}/report",
        'query' => array('token' => \Drupal::getContainer()->get('csrf_token')->get("node/{$entity->id()}/report")),
      ),
    ),
  );
}

502 503 504
/**
 * @} End of "addtogroup hooks".
 */