NodeGrantDatabaseStorageInterface.php 3.99 KB
Newer Older
1 2 3 4 5 6 7
<?php

namespace Drupal\node;

use Drupal\Core\Session\AccountInterface;

/**
8
 * Provides an interface for node access grant storage.
9 10
 *
 * @ingroup node_access
11 12 13 14 15 16 17 18 19 20
 */
interface NodeGrantDatabaseStorageInterface {

  /**
   * Checks all grants for a given account.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   A user object representing the user for whom the operation is to be
   *   performed.
   *
21
   * @return int
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
   *   Status of the access check.
   */
  public function checkAll(AccountInterface $account);

  /**
   * Alters a query when node access is required.
   *
   * @param mixed $query
   *   Query that is being altered.
   * @param array $tables
   *   A list of tables that need to be part of the alter.
   * @param string $op
   *    The operation to be performed on the node. Possible values are:
   *    - "view"
   *    - "update"
   *    - "delete"
   *    - "create"
   * @param \Drupal\Core\Session\AccountInterface $account
   *   A user object representing the user for whom the operation is to be
   *   performed.
   * @param string $base_table
   *   The base table of the query.
   *
   * @return int
   *   Status of the access check.
   */
  public function alterQuery($query, array $tables, $op, AccountInterface $account, $base_table);

  /**
   * Writes a list of grants to the database, deleting previously saved ones.
   *
   * If a realm is provided, it will only delete grants from that realm, but
   * it will always delete a grant from the 'all' realm. Modules that use
55 56
   * node access can use this method when doing mass updates due to widespread
   * permission changes.
57 58
   *
   * Note: Don't call this method directly from a contributed module. Call
59
   * \Drupal\node\NodeAccessControlHandlerInterface::acquireGrants() instead.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
   *
   * @param \Drupal\node\NodeInterface $node
   *   The node whose grants are being written.
   * @param array $grants
   *   A list of grants to write. Each grant is an array that must contain the
   *   following keys: realm, gid, grant_view, grant_update, grant_delete.
   *   The realm is specified by a particular module; the gid is as well, and
   *   is a module-defined id to define grant privileges. each grant_* field
   *   is a boolean value.
   * @param string $realm
   *   (optional) If provided, read/write grants for that realm only. Defaults to
   *   NULL.
   * @param bool $delete
   *   (optional) If false, does not delete records. This is only for optimization
   *   purposes, and assumes the caller has already performed a mass delete of
   *   some form. Defaults to TRUE.
   */
  public function write(NodeInterface $node, array $grants, $realm = NULL, $delete = TRUE);

  /**
   * Deletes all node access entries.
   */
  public function delete();

  /**
   * Creates the default node access grant entry.
   */
  public function writeDefault();

  /**
   * Determines access to nodes based on node grants.
   *
92
   * @param \Drupal\node\NodeInterface $node
93 94 95 96 97 98 99
   *   The entity for which to check 'create' access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'edit', 'create' or
   *   'delete'.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
100
   * @return \Drupal\Core\Access\AccessResultInterface
101 102 103 104 105 106
   *   The access result, either allowed or neutral. If there are no node
   *   grants, the default grant defined by writeDefault() is applied.
   *
   * @see hook_node_grants()
   * @see hook_node_access_records()
   * @see \Drupal\node\NodeGrantDatabaseStorageInterface::writeDefault()
107
   */
108
  public function access(NodeInterface $node, $operation, AccountInterface $account);
109 110 111 112 113 114 115 116 117

  /**
   * Counts available node grants.
   *
   * @return int
   *   Returns the amount of node grants.
   */
  public function count();

118 119 120 121 122 123 124 125 126
  /**
   * Remove the access records belonging to certain nodes.
   *
   * @param array $nids
   *   A list of node IDs. The grant records belonging to these nodes will be
   *   deleted.
   */
  public function deleteNodeRecords(array $nids);

127
}