From bf5c45aea9b942c42c2272a1006ad9f9a77a5a0c Mon Sep 17 00:00:00 2001 From: Jordan Dukart Date: Tue, 20 Jul 2021 15:54:47 -0300 Subject: [PATCH] Add a constraint for filtering access terms. --- idc_defaults.module | 3 + .../Constraint/WorkbenchSections.php | 32 ++++++ .../Constraint/WorkbenchSectionsValidator.php | 102 ++++++++++++++++++ 3 files changed, 137 insertions(+) create mode 100644 src/Plugin/Validation/Constraint/WorkbenchSections.php create mode 100644 src/Plugin/Validation/Constraint/WorkbenchSectionsValidator.php diff --git a/idc_defaults.module b/idc_defaults.module index 7d21be9..3466e87 100644 --- a/idc_defaults.module +++ b/idc_defaults.module @@ -14,4 +14,7 @@ function idc_defaults_entity_bundle_field_info_alter(&$fields, EntityTypeInterfa if (isset($fields['field_member_of'])) { $fields['field_member_of']->addConstraint('WorkbenchAccess'); } + if (isset($fields['field_access_terms'])) { + $fields['field_access_terms']->addConstraint('WorkbenchSections'); + } } diff --git a/src/Plugin/Validation/Constraint/WorkbenchSections.php b/src/Plugin/Validation/Constraint/WorkbenchSections.php new file mode 100644 index 0000000..1495a73 --- /dev/null +++ b/src/Plugin/Validation/Constraint/WorkbenchSections.php @@ -0,0 +1,32 @@ +entityTypeManager = $entityTypeManager; + $this->currentUser = $currentUser; + $this->userSectionStorage = $userSectionStorage; + } + + /** + * {@inheritdoc} + */ + public static function create(ContainerInterface $container) { + return new static( + $container->get('entity_type.manager'), + $container->get('current_user'), + $container->get('workbench_access.user_section_storage') + ); + } + + /** + * {@inheritdoc} + */ + public function validate($items, Constraint $constraint) { + foreach ($items as $item) { + if (!isset($item->entity) || !$item->entity instanceof TermInterface) { + $this->context->addViolation($constraint->badType); + } + else { + if (!$this->currentUser->hasPermission('bypass workbench access')) { + // Ensure that an access scheme applies for this entity, bundle and + // field. + foreach ($this->entityTypeManager->getStorage('access_scheme')->loadMultiple() as $access_scheme) { + $scheme = $access_scheme->getAccessScheme(); + if (!$scheme->applies($item->getEntity()->getEntityTypeId(), $item->getEntity()->bundle())) { + continue; + } + $fields = $scheme->getApplicableFields($item->getEntity()->getEntityTypeId(), $item->getEntity()->bundle()); + foreach ($fields as $field) { + if ($field['field'] !== $item->getFieldDefinition()->getName()) { + continue; + } + // Ensure that the entity specified falls within the user's + // allowed entities. + if (!WorkbenchAccessManager::checkTree($access_scheme, [$item->entity->id()], $this->userSectionStorage->getUserSections($access_scheme))) { + $this->context->addViolation($constraint->noAccess, ['@collection' => $item->entity->label()]); + } + } + } + } + } + } + } + +}