Commit 67f7ffe1 authored by Roman Salo's avatar Roman Salo Committed by Taras Kruts
Browse files

Issue #3310620 by rolki: Fix a problem with access to course sections 

Grant access to sections if the request comes from a user who is a member of the group instead of
checking whether he can see the entity, since everyone can see this entity - it does not have
visibility options.
parent 40e63e55

social_course.module

+11 −7
Original line number Diff line number Diff line
@@ -1623,8 +1623,11 @@ function social_course_preprocess_node(array &$variables): void { 


    if (!$entities) {

      $variables['section_status'] = 'not-started';

      $variables['allowed_start'] = $course_wrapper->sectionAccess($node, \Drupal::currentUser(), 'start')

        ->isAllowed();

      $variables['allowed_start'] = $course_wrapper->sectionAccess($node, \Drupal::currentUser(), 'start')->isAllowed();



      if (!$node->get('field_course_section_content')->first()) {

        $variables['allowed_start'] = FALSE;

      }

    }

    else {

      foreach ($entities as $entity) {
@@ -1679,16 +1682,17 @@ function social_course_preprocess_node(array &$variables): void { 
 * Implements hook_node_access().

 */

function social_course_node_access(NodeInterface $node, string $op, AccountInterface $account): AccessResultInterface {

  if ($op == 'view' && $node->id()) {

  if ($op === 'view' && $node->id()) {

    /** @var \Drupal\social_course\CourseWrapperInterface $course_wrapper */

    $course_wrapper = \Drupal::service('social_course.course_wrapper');

    $section = $course_wrapper->getSectionFromMaterial($node);



    if ($node->bundle() == 'course_section' && $course_wrapper->setCourseFromSection($node)->getCourse()) {

      return AccessResult::forbiddenIf(!$course_wrapper->sectionAccess($node, $account, 'view')->isAllowed());

    if ($node->bundle() === 'course_section' && $group = $course_wrapper->setCourseFromSection($node)->getCourse()) {

      return $group->getMember($account) ? AccessResult::allowed() : AccessResult::forbidden();

    }

    elseif ($section && $course_wrapper->setCourseFromSection($section)->getCourse()) {

      return AccessResult::forbiddenIf(!$course_wrapper->materialAccess($node, $account, 'view')->isAllowed());



    if ($section && $group = $course_wrapper->setCourseFromSection($section)->getCourse()) {

      return $group->getMember($account) ? AccessResult::allowed() : AccessResult::forbidden();

    }

  }