Commit dc9ce4e7 authored by Nidhi Patadia's avatar Nidhi Patadia Committed by Kostia Bohach

#3428569 Check permissions before render an edit link for the node and content type

parent 898fee35
1 merge request!10#3428569 Check permissions before render an edit link for the node and content type
Pipeline #146681 passed
......@@ -12,6 +12,7 @@ use Drupal\Core\Url;
use Drupal\entity_reference_edit_link\Plugin\Field\FieldWidget\EntityReferenceEditLinkAutocompleteTagsWidget;
use Drupal\entity_reference_edit_link\Plugin\Field\FieldWidget\EntityReferenceEditLinkAutocompleteWidget;
use Drupal\node\NodeForm;
use Drupal\user\Entity\User;
/**
* Implements hook_preprocess_HOOK().
......@@ -88,7 +89,9 @@ function entity_reference_edit_link_field_widget_complete_form_alter(&$field_wid
return;
}
if (empty($items = $context['items']) || empty($entity = $items->entity)) {
$entity = !empty($context['items']) ? $context['items']->entity : NULL;
$user = User::load(\Drupal::currentUser()->id());
if (empty($entity) || !$entity->access('update', $user)) {
return;
}
......@@ -134,8 +137,8 @@ function entity_reference_edit_link_form_alter(&$form, FormStateInterface $form_
if (!$node) {
return;
}
if (entity_reference_edit_link_allowed_content_type($node)) {
$form['#title'] = entity_reference_edit_link_build_entity_type_link($node);
if (_entity_reference_edit_link_allowed_content_type($node) && _entity_reference_edit_link_check_permissions()) {
$form['#title'] = _entity_reference_edit_link_build_entity_type_link($node);
}
}
......@@ -149,8 +152,8 @@ function entity_reference_edit_link_preprocess_page_title(&$variables) {
if (!$node || \Drupal::routeMatch()->getRouteName() != 'entity.node.edit_form') {
return;
}
if (entity_reference_edit_link_allowed_content_type($node)) {
$variables['#title'] = entity_reference_edit_link_build_entity_type_link($node);
if (_entity_reference_edit_link_allowed_content_type($node) && _entity_reference_edit_link_check_permissions()) {
$variables['#title'] = _entity_reference_edit_link_build_entity_type_link($node);
}
}
......@@ -170,7 +173,7 @@ function entity_reference_edit_link_theme_registry_alter(&$theme_registry) {
/**
* Implements hook_entity().
*/
function entity_reference_edit_link_build_entity_type_link($node) {
function _entity_reference_edit_link_build_entity_type_link($node) {
$url = Url::fromRoute("entity.{$node->getEntityTypeId()}.field_ui_fields", [
'node_type' => $node->bundle(),
],
......@@ -186,7 +189,17 @@ function entity_reference_edit_link_build_entity_type_link($node) {
/**
* Implements custom function to check allowed content types.
*/
function entity_reference_edit_link_allowed_content_type($node) {
function _entity_reference_edit_link_allowed_content_type($node) {
return !empty($allowedContentTypes = \Drupal::config('edit_link.config')->get('content_types'))
&& in_array($node->bundle(), $allowedContentTypes);
}
/**
* Checks user permissions.
*
* @return bool
* Returns TRUE if current user has specific permission.
*/
function _entity_reference_edit_link_check_permissions() {
return \Drupal::currentUser()->hasPermission('administer node fields');
}
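Review bot: `_entity_reference_edit_link_check_permissions()` hard-codes `'administer node fields'`, while the link it guards is built in `_entity_reference_edit_link_build_entity_type_link()` from `"entity.{$node->getEntityTypeId()}.field_ui_fields"`, so the permission string and the route's own access requirement are kept in two places and can drift apart. Asking the route itself keeps them in step, for example `return Url::fromRoute('entity.node.field_ui_fields', ['node_type' => $node->bundle()])->access();` with `$node` passed to the helper. Both callers, `entity_reference_edit_link_form_alter` and `entity_reference_edit_link_preprocess_page_title`, now produce a title that differs per user, so if either render array is cached it presumably needs the `user.permissions` cache context; the hunks show no cache metadata. The docblock above the renamed link helper still reads `Implements hook_entity().`, which does not describe a private helper; `Builds the link to the field management page of the node's content type.` would fit, and the helper's body continues outside the hunk.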
......@@ -5,12 +5,38 @@ namespace Drupal\entity_reference_edit_link\Plugin\Field\FieldWidget;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Field\Plugin\Field\FieldWidget\EntityReferenceAutocompleteWidget;
use Drupal\Core\Form\FormStateInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
/**
* Class to alter original entity reference autocomplete tags widget.
*/
class EntityReferenceEditLinkAutocompleteWidget extends EntityReferenceAutocompleteWidget {
/**
* The current user.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $currentUser;
/**
* The user storage.
*
* @var \Drupal\user\UserStorageInterface
*/
protected $userStorage;
/**
* {@inheritdoc}
*/
public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
$instance = parent::create($container, $configuration, $plugin_id, $plugin_definition);
$instance->currentUser = $container->get('current_user');
$instance->userStorage = $container->get('entity_type.manager')->getStorage('user');
return $instance;
}
/**
* {@inheritdoc}
*/
......@@ -22,6 +48,12 @@ class EntityReferenceEditLinkAutocompleteWidget extends EntityReferenceAutocompl
return parent::formElement($items, $delta, $element, $form, $form_state);
}
$user = $this->userStorage->load($this->currentUser->id());
/** @var \Drupal\Core\Entity\EntityInterface $referencedEntity */
if (!$referencedEntity->access('update', $user)) {
return parent::formElement($items, $delta, $element, $form, $form_state);
}
$element += [
'#attached' => [
'library' => ['entity_reference_edit_link/reference.field'],
......
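Review bot: The `update` access check added in `formElement()` loads a full user entity through `$this->userStorage` for every delta, although `EntityInterface::access()` accepts an `AccountInterface` and `$this->currentUser` already is one. `if (!$referencedEntity->access('update', $this->currentUser)) {` should give the same decision, and the `userStorage` property with its line in `create()` can then be dropped. `$referencedEntity` is assigned above the hunk, so whether it can be NULL at this point cannot be checked from here; the method starts and ends outside the hunk. The class docblock says "autocomplete tags widget" on the non-tags widget, and this page shows no matching change for `EntityReferenceEditLinkAutocompleteTagsWidget`, so it is worth confirming that widget gets the same check.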