Issue #3161541 by a.milkovsky, FeyP, SirClickALot, anruether: Add permissions...

* adds several permissions to view published and unpublished terms.

* adds a per-vocabulary "VOCABULARY: Reorder terms" permission.

* adds several permissions to select published and unpublished terms in autocomplete widgets of certain entity reference fields.

* adds several permissions to view vocabulary names.

* adds several permissions to reset vocabularies.

* removes vocabularies the user doesn't have permission to either create, delete, edit, reorder terms in or reset from the vocabulary overview page.

Permissions to select any terms are also available both for published and unpublished terms. They will grant access to "select terms" for any vocabulary.

The per-vocabulary "VOCABULARY: View vocabulary name" permission will allow users to view the name of the vocabulary. There is also a permission to "view any vocabulary name".

Users having permission to access the overview page of a vocabulary (i.e. the page that lists all terms in a vocabulary) do also have access to view the vocabulary name even if they don't have permission to "VOCABULARY: View vocabulary name" or "View any vocabulary name".

The per-vocabulary "VOCABULARY: Reset" permission will allow users to access to the vocabulary reset form that resets the term order of the vocabulary to alphabetical order. If they also have the "Access vocabulary overview page" permission provided by Drupal Core, they will be granted access to the vocabulary collection page and the vocabulary overview page for the relevant vocabulary and the "Reset to alphabetical order" button on that page. A permission to "Reset any vocabulary" is also available. If users don't have permission to access the vocabulary overview page, they will be redirect to the front page after confirming or canceling the reset operation. You can override the redirect by setting a suitable "destination" query string parameter.

MAINTAINERS

      'view any unpublished term' => $this->t('View any unpublished term'),

      'view any term name' => $this->t('View any published term name'),

      'view any unpublished term name' => $this->t('View any unpublished term name'),

      'view any vocabulary name' => $this->t('View any vocabulary name'),

      'reset any vocabulary' => [

        'title' => $this->t('Reset any vocabulary'),

        'description' => $this->t('Allows resetting term order of any vocabulary to alphabetical order.'),

        '%vocabulary' => $vocabulary->label(),

      ]),

    ];

    $permissions['view vocabulary name of ' . $vocabulary->id()] = [

      'title' => $this->t('%vocabulary: View vocabulary name', [

        '%vocabulary' => $vocabulary->label(),

      ]),

    ];

    $permissions['reorder terms in ' . $vocabulary->id()] = [

      'title' => $this->t('%vocabulary: Reorder terms', [

        '%vocabulary' => $vocabulary->label(),

use Drupal\Core\Entity\EntityHandlerInterface;

use Drupal\Core\Entity\EntityTypeInterface;

use Drupal\Core\Entity\EntityTypeManagerInterface;

use Drupal\Core\Field\FieldDefinitionInterface;

use Drupal\Core\Field\FieldItemListInterface;

use Drupal\Core\Session\AccountInterface;

use Drupal\taxonomy\VocabularyAccessControlHandler as OriginalVocabularyAccessControlHandler;

use Symfony\Component\DependencyInjection\ContainerInterface;

  use ReasonTrait;

  /**

   * {@inheritdoc}

   */

  protected $viewLabelOperation = TRUE;

  /**

   * The entity type manager.

   *

   * {@inheritdoc}

   */

  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

    if (!in_array($operation, ['reorder_terms', 'reset'], TRUE)) {

    if (!in_array($operation, ['reorder_terms', 'reset', 'view label'], TRUE)) {

      $access_result = parent::checkAccess($entity, $operation, $account);

      if (in_array($operation, ['access taxonomy overview', 'view'])) {

        $taxonomy_term_access_control_handler = $this->entityTypeManager->getAccessControlHandler('taxonomy_term');

    $access_result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR')

      ->cachePerPermissions()

      ->addCacheableDependency($entity);

    if ($operation === 'view label' && !$access_result->isAllowed()) {

      $access_result = $access_result->orIf($this->checkAccess($entity, 'view', $account));

    }

    if (!$access_result->isAllowed()) {

      /** @var \Drupal\Core\Access\AccessResultReasonInterface $access_result */

      $access_result->setReason($this->getReason($permissions));

    return $access_result;

  }

  /**

   * {@inheritdoc}

   */

  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {

    if ($items !== NULL && $field_definition->getName() === $this->entityType->getKey('label')) {

      $entity = $items->getEntity();

      return $this->checkAccess($entity, 'view label', $account);

    }

    return parent::checkFieldAccess($operation, $field_definition, $account, $items);

  }

  /**

   * Gets permissions allowing an operation for an entity.

   *

  protected function getPermissions(EntityInterface $entity, string $operation): array {

    /** @var \Drupal\taxonomy\VocabularyInterface $entity */

    if ($operation === 'reorder_terms') {

      return ["reorder terms in {$entity->id()}"];

      return [

        "reorder terms in {$entity->id()}",

      ];

    }

    elseif ($operation === 'reset') {

      return [

        "{$operation} any vocabulary",

      ];

    }

    elseif ($operation === 'view label') {

      return [

        "view vocabulary name of {$entity->id()}",

        'view any vocabulary name',

      ];

    }

    return [];

  }

langcode: en

status: true

dependencies:

  module:

    - taxonomy

    - user

id: vocabulary_labels_test

label: vocabulary_labels_test

module: views

description: ''

tag: ''

base_table: taxonomy_term_field_data

base_field: tid

display:

  default:

    id: default

    display_title: Default

    display_plugin: default

    position: 0

    display_options:

      title: vocabulary_labels_test

      fields:

        name:

          id: name

          table: taxonomy_term_field_data

          field: name

          relationship: none

          group_type: group

          admin_label: ''

          entity_type: taxonomy_term

          entity_field: name

          plugin_id: term_name

          label: ''

          exclude: false

          alter:

            alter_text: false

            make_link: false

            absolute: false

            word_boundary: false

            ellipsis: false

            strip_tags: false

            trim: false

            html: false

          element_type: ''

          element_class: ''

          element_label_type: ''

          element_label_class: ''

          element_label_colon: true

          element_wrapper_type: ''

          element_wrapper_class: ''

          element_default_classes: true

          empty: ''

          hide_empty: false

          empty_zero: false

          hide_alter_empty: true

          click_sort_column: value

          type: string

          settings:

            link_to_entity: true

          group_column: value

          group_columns: {  }

          group_rows: true

          delta_limit: 0

          delta_offset: 0

          delta_reversed: false

          delta_first_last: false

          multi_type: separator

          separator: ', '

          field_api_classes: false

          convert_spaces: false

        vid:

          id: vid

          table: taxonomy_term_field_data

          field: vid

          relationship: none

          group_type: group

          admin_label: ''

          entity_type: taxonomy_term

          entity_field: vid

          plugin_id: field

          label: ''

          exclude: false

          alter:

            alter_text: false

            text: ''

            make_link: false

            path: ''

            absolute: false

            external: false

            replace_spaces: false

            path_case: none

            trim_whitespace: false

            alt: ''

            rel: ''

            link_class: ''

            prefix: ''

            suffix: ''

            target: ''

            nl2br: false

            max_length: 0

            word_boundary: true

            ellipsis: true

            more_link: false

            more_link_text: ''

            more_link_path: ''

            strip_tags: false

            trim: false

            preserve_tags: ''

            html: false

          element_type: ''

          element_class: ''

          element_label_type: ''

          element_label_class: ''

          element_label_colon: false

          element_wrapper_type: ''

          element_wrapper_class: ''

          element_default_classes: true

          empty: ''

          hide_empty: false

          empty_zero: false

          hide_alter_empty: true

          click_sort_column: target_id

          type: entity_reference_label

          settings:

            link: true

          group_column: target_id

          group_columns: {  }

          group_rows: true

          delta_limit: 0

          delta_offset: 0

          delta_reversed: false

          delta_first_last: false

          multi_type: separator

          separator: ', '

          field_api_classes: false

      pager:

        type: some

        options:

          offset: 0

          items_per_page: 10

      exposed_form:

        type: basic

        options:

          submit_button: Apply

          reset_button: false

          reset_button_label: Reset

          exposed_sorts_label: 'Sort by'

          expose_sort_order: true

          sort_asc_label: Asc

          sort_desc_label: Desc

      access:

        type: perm

        options:

          perm: 'access content'

      cache:

        type: tag

        options: {  }

      empty: {  }

      sorts: {  }

      arguments: {  }

      filters:

        status:

          id: status

          table: taxonomy_term_field_data

          field: status

          entity_type: taxonomy_term

          entity_field: status

          plugin_id: boolean

          value: '1'

          group: 1

          expose:

            operator: ''

      style:

        type: default

      row:

        type: fields

      query:

        type: views_query

        options:

          query_comment: ''

          disable_sql_rewrite: false

          distinct: false

          replica: false

          query_tags: {  }

      relationships: {  }

      header: {  }

      footer: {  }

      display_extenders: {  }

    cache_metadata:

      max-age: -1

      contexts:

        - 'languages:language_content'

        - 'languages:language_interface'

        - user.permissions

      tags: {  }

  page_1:

    id: page_1

    display_title: Page

    display_plugin: page

    position: 1

    display_options:

      display_extenders: {  }

      path: vocabulary-labels-test

    cache_metadata:

      max-age: -1

      contexts:

        - 'languages:language_content'

        - 'languages:language_interface'

        - user.permissions

      tags: {  }