diff --git a/src/Plugin/Linkit/Matcher/NodeMatcher.php b/src/Plugin/Linkit/Matcher/NodeMatcher.php index f40c7c006e049a7fbaeb92b579ccdbbbd004f9e1..a506cf4e77ba5d40fd04a816a6403a9ddbaccc38 100644 --- a/src/Plugin/Linkit/Matcher/NodeMatcher.php +++ b/src/Plugin/Linkit/Matcher/NodeMatcher.php @@ -85,30 +85,60 @@ class NodeMatcher extends EntityMatcher { protected function buildEntityQuery($search_string) { $query = parent::buildEntityQuery($search_string); - if ($this->configuration['include_unpublished'] == FALSE) { - $query->condition('status', NodeInterface::PUBLISHED); + // Default case: Users can only see published nodes. + $condition = $query + ->andConditionGroup() + ->condition('status', NodeInterface::PUBLISHED); + // We can skip filtering for these cases. + if ($this->currentUserCanViewAllContent() || $this->currentUserHasNodeGrants()) { + $condition = NULL; } - elseif (count($this->moduleHandler->getImplementations('node_grants')) === 0) { - if (($this->currentUser->hasPermission('bypass node access') || $this->currentUser->hasPermission('view any unpublished content'))) { - // User can see all content, no check necessary. - } - elseif ($this->currentUser->hasPermission('view own unpublished content')) { - // Users with "view own unpublished content" can see only their own. - if ($this->configuration['include_unpublished'] == TRUE) { - $or_condition = $query - ->orConditionGroup() - ->condition('status', NodeInterface::PUBLISHED) - ->condition('uid', $this->currentUser->id()); - $query->condition($or_condition); - } - } + // OR-based filtering for holders of 'view own unpublished content'. + elseif ($this->currentUserCanViewOwnUnpublishedContent()) { + $condition = $query + ->orConditionGroup() + ->condition('status', NodeInterface::PUBLISHED) + ->condition('uid', $this->currentUser->id()); } - else { - // All other users should only get published results. - $query->condition('status', NodeInterface::PUBLISHED); + // Add the generated condition, if one is set. + if ($condition) { + $query->condition($condition); } return $query; } + /** + * Checks whether the current user is allowed to view all content. + * + * This check takes 'include_unpublished' into account. + */ + protected function currentUserCanViewAllContent() { + // Some users can see all content. + return $this->configuration['include_unpublished'] && + ($this->currentUser->hasPermission('bypass node access') || + $this->currentUser->hasPermission('view any unpublished content')); + } + + /** + * Checks whether any module grants global 'view' access to the current user. + * + * This check takes 'include_unpublished' into account. + */ + protected function currentUserHasNodeGrants() { + return $this->configuration['include_unpublished'] && + $this->moduleHandler->getImplementations('node_grants') && + $this->entityTypeManager->getAccessControlHandler('node')->checkAllGrants($this->currentUser); + } + + /** + * Checks whether the user is allowed to view own nodes. + * + * This check takes 'include_unpublished' into account. + */ + protected function currentUserCanViewOwnUnpublishedContent() { + return $this->configuration['include_unpublished'] && + $this->currentUser->hasPermission('view own unpublished content'); + } + }